US6598057B1 - Method and apparatus for generating configuration files using policy descriptions - Google Patents

Method and apparatus for generating configuration files using policy descriptions Download PDF

Info

Publication number
US6598057B1
US6598057B1 US09/470,105 US47010599A US6598057B1 US 6598057 B1 US6598057 B1 US 6598057B1 US 47010599 A US47010599 A US 47010599A US 6598057 B1 US6598057 B1 US 6598057B1
Authority
US
United States
Prior art keywords
configuration file
parameters
configuration
option
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US09/470,105
Inventor
Erik J. Synnestvedt
Gregory F. Morris
Hugh W. Gabrielson
Joshua B. Littlefield
Kenneth I. Oliver
Phillip T. DiBello
Richard A. Coco
Richard M. Woundy
Andrew H. Sudduth
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc filed Critical Cisco Technology Inc
Priority to US09/470,105 priority Critical patent/US6598057B1/en
Assigned to CISCO TECHNOLOGY, INC. reassignment CISCO TECHNOLOGY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: COCO, RICHARD A., DIBELLO, PHILLIP T., GABRIELSON, HUGH W., LITTLEFIELD, JOSHUA B., MORRIS, GREGORY F., OLIVER, KENNETH I., SYNNESTVEDT, ERIK J., SUDDUTH, ANDREW H., WOUNDY. RICHARD M.
Application granted granted Critical
Publication of US6598057B1 publication Critical patent/US6598057B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the present invention relates generally to data communications devices and more specifically to the generation of configuration files for data communications devices.
  • TFTP Trivial File Transfer Protocol
  • UDP Internet User Datagram protocol
  • TFTP is designed to be small and easy to implement. Therefore, it lacks most of the features of a regular FTP. The only thing it can do is read and write files from and to a remote server. It cannot list directories, and has no provisions for user authentication. In common with other Internet protocols, it passes 8 bit bytes of data.
  • TFTP supports five types of packets: opcode operation 1 Read request (RRQ) 2 Write request (WRQ) 3 Data (DATA) 4 Acknowledgment (ACK) 5 Error (ERROR)
  • the TFTP header of a packet contains the opcode associated with that packet.
  • An RRQ packet as depicted above, would contain an opcode of I and a nullterminated Filename and Mode.
  • DOCSIS Data Over Cable Service Interface Specification
  • a headend is a central distribution point for a coaxial or fiber cable-based transmission system. Signals are received from satellite or other sources, frequencies are converted to appropriate channels, possibly combined with locally originated signals and then rebroadcast to cable subscriber equipment (i.e., cable modems).
  • a cable modem (“CM”) provides access to a network by way of a coaxial connection. Cable modems generally provide faster access than conventional telephone line or ISDN modems.
  • DHCP Dynamic Host Configuration Protocol
  • DHCP Dynamic Host Configuration Protocol
  • LDAP Lightweight Directory Access Protocol
  • LDAP is a network application protocol (designed to work on TCP/IP stacks) used to read and write information from a data store.
  • LDAP is a “lightweight” version of the X.500 specification, it gives client applications the ability to store and retrieve network configuration information, such as a user name, e-mail address, security certificate, or other contact information.
  • IEEE has developed a set of standards to define methods of access and control on local area networks.
  • the IEEE 802 standards correspond to the physical and data-link layers of the ISO Open Systems Interconnection model, but they divide the data-link layer into two sublayers.
  • the logical link control (LLC) sublayer applies to all IEEE 802 standards and covers station-to-station connections, generation of message frames, and error control.
  • the media access control (MAC) sublayer dealing with network access and collision detection, differs from one IEEE 802 standard to another: IEEE 802.3 is used for bus networks that use CSMA/CD, both broadband and baseband, and the baseband version is based on the Ethernet standard.
  • IEEE 802.4 is used for bus networks that use token passing, and IEEE 802.5 is used for ring networks that use token passing (token ring networks).
  • IEEE 802.6 is an emerging standard for metropolitan area networks, which transmit data, voice, and video over distances of more than five kilometers.
  • CMTS (“Cable Modem Termination Service”) is a headend device than can act as a cable modem router.
  • a computer network providing cable modem access is configured with a host computer connected to a cable modem either directly or through an Ethernet connection.
  • the cable modem is ultimately connected to a CMTS, the CMTS provides access to other networks (e.g., the Internet) and servers (e.g., TFTP, LDAP, DHCP) attached to the networks.
  • networks e.g., the Internet
  • servers e.g., TFTP, LDAP, DHCP
  • Cable modems are configured using DOCSIS compliant files typically transferred from a TFTP server. These configuration files are binary files, consisting of a sequence of 8-bit data, as distinguished from files consisting of human-readable ASCII text. Binary files are usually in a form readable only by a program, often compressed or structured in a way that is easy for a particular program to read.
  • the present invention provides a method of generating a binary configuration file by receiving an identification encoded filename, parsing the identification encoded filename to determine identification parameters, matching the identification parameters to a set of configuration policy data to create configuration file parameters, and generating the binary configuration file from the configuration file parameters.
  • the identification encoded filename can be can be run through an authentication check to provide increased security. Once created, the binary configuration file can also be validated, providing increased integrity.
  • the method is run on a TFTP server.
  • the method involves querying an LDAP server for certain configuration policy data, the configuration policy data being optionally cached on the TFTP server.
  • the resulting configuration can be generated according to the DOCSIS configuration file standard, including removing non-version applicable DOCSIS configuration file parameters when generating the binary configuration file.
  • the present invention can also be used to generate an annotated configuration file from the configuration file parameters, the annotated configuration file being viewable through a user interface.
  • the present invention is implemented as a sequence of computer program instructions, these instructions may exist on any computer readable medium, including an electromagnetic wave.
  • the present invention provides the advantages of allowing for more effective broadband provisioning through better configuration file management as well as allowing for the creation of more flexible subscriber service plans.
  • FIG. 1 is a block diagram of a system topology configured according to an embodiment of the present invention.
  • FIG. 2 is a block diagram of the hierarchy of objects of the File class as embodied in the present invention.
  • FIG. 3 is a flow diagram showing steps in the configuration file generation process levels as used in an embodiment of the present invention.
  • FIG. 4 is a flow diagram showing the various steps performed by a preferred embodiment of the present invention.
  • FIG. 5 is a schematic diagram showing the display system of the present invention.
  • a new TFTP service providing DOCSIS file generation capabilities is described; it supports effective broadband provisioning and improved configuration file management.
  • the new TFTP service generates DOCSIS compliant cable modem configuration files with appropriate classes of service, based upon a request from the cable modem and using user registration information stored in an LDAP directory.
  • the new TFTP service runs on a standard RFC-1350 compliant TFTP server.
  • the TFTP server can also be used to perform standard TFTP services, such as downloading software upgrades to cable modems, as well as providing the new service of dynamically generating DOCSIS compliant configuration files.
  • FIG. 1 is a block diagram of a system topology configured according to an embodiment of the present invention.
  • a computer 100 e.g., an IBM Personal Computer
  • cable modem 102 e.g., a Cisco Systems uBR904 Cable Modem
  • the cable modem 102 is connected by coaxial cable to a cable modem termination service 104 (e.g., Cisco Systems uBR7246 Cable Modem Termination Service).
  • the cable modem termination service 104 is housed in a cable headend 118 .
  • the cable modem termination service 104 is connected to a router 106 which provides access to network data center 130 which contains a Domain Name Service (“DNS”) server 120 , a DHCP server 122 , a TFTP server 124 and an LDAP server 125 .
  • Router 106 also connects cable modem termination service 104 to the Internet 108 .
  • Multiple Internet servers 110 are connected to Internet 108 and are therefore accessible by users of computers 100 connected into the topology. Certain Internet servers 110 are maintained by Internet service providers 126 . Requests for configuration originate at cable modem 102 and travel to TFTP server 124 , where a DOCSIS binary configuration file is generated and sent back to cable modem 102 .
  • FIG. 2 is a block diagram of the hierarchy of objects of the Filelnterface class 200 as embodied of the present invention, the following classes define the interfaces the TFTP server 124 will use to access static files and DOCSIS files.
  • the FileInterface class 200 represents a generic file which can be read or written.
  • the StaticFile class 202 inherits from Filelnterface class 200 , and represents a file that exists in the file system.
  • the DynamicFile class 204 inherits from FileInterface class 200 , and represents a file that exists in memory.
  • the DOCSISFile class 206 inherits from DynamicFile class 204 , and represents a DOCSIS compliant configuration file.
  • the FileInterface class 200 provides the basic operations of open, close, read and write. Flavors of open include, read-only, write-only and read-write. Additionally, flags for appending at end-of-file, open and truncating, creating and opening, and opening only if file doesn't already exist, are defined.
  • the StaticFile class 202 will inherit from the Filelnterface class 200 .
  • the open method will be responsible for checking access controls on the file being accessed and will return access denied, file not found or OK. Access controls will be checked by matching the filename against the administratively configured TFTP home directory and optional alternate paths.
  • the constructor will take an argument specifying the mode of the file transfer, octet or netascii and perform the appropriate transformation on the file data.
  • the DOCSISFile class 206 will inherit from the DynamicFile class 204 which inherits from the FileInterface class 200 .
  • the purpose of the DynamicFile class 204 is to provide a place to put common methods associated with dynamic or in-memory files allowing the TFTP server 124 to be easily extended to serve other types of dynamic files.
  • the open method will be responsible for contacting the LDAP server via the middleware, verifying the client's IP address, constructing a DOCSIS file image in memory and verifying the integrity of that image.
  • the open method may return access denied, file not found, or OK.
  • DOCSIS files can only be opened for reading. As such, the open call will return access denied if a write flag is passed to the open call.
  • the close method will be responsible for releasing all resources associated with the DOCSIS file. DOCSIS files will not be cached in memory beyond the call to close.
  • the constructor will take an argument specifying the IP address of the client requesting the file. This argument is used for validation as described in the next section.
  • FIG. 3 is a flow diagram showing various steps in the configuration file generation process levels as used in an embodiment of the present invention.
  • the binary configuration process receives an identification encoded filename at Step 300 .
  • the identification encoded filename identifies the cable modem 102 for which a binary configuration file is to be generated.
  • the identification encoded filename is parsed at Step 302 , breaking out its parameters. It is then checked (Step 304 ) for authenticity. If the filename is not authentic an authentication error is issued at Step 306 and the process ends, otherwise parameters derived from the identification encoded filename and data located in various data stores is matched against policy data (Step 308 ).
  • Matching consists of locating policy information for various components (e.g., cable modem vendor, subnet, CMTS, CMTS Group and default policies), constructing lists, applying rules and removing non-applicable options.
  • the results of the matching Step 308 generate a binary configuration file (Step 310 ).
  • the binary configuration is checked for validity at Step 312 , if it is found to be invalid a validation error is issued at Step 314 , otherwise the binary configuration file is sent to the cable modem in Step 316 .
  • FIG. 4 is a flow diagram showing the various steps performed by a preferred embodiment of the present invention.
  • a DOCSIS configuration file is dynamically generated based upon a RRQ message received by an augmented TFTP server 124 .
  • the invention can generate a DOCSIS file for the TFTP server 124 (i.e., a binary configuration file) or a DOCSIS file for the display system 500 (an annotated configuration file). If the configuration file generation is being performed on behalf of the TFTP server 124 , then directory searches will be confined to the pre-populated LDAP directory snapshot cache except where noted.
  • Steps being used only for directory verification are to confirm the consistency of the configuration information stored in the LDAP directory or cache and are only performed if the debug option to verify configuration information is enabled. If the configuration file generation aborts, then an error message will be written to the message log.
  • Configuration files can be used to define the equipments's operating mode, such as: downstream and upstream service assignments, assigned frequencies, data rates, modulation schemes, class of service, and type of service.
  • the filename contained in a TFTP read request is parsed to determine if the request is for a normal file, or a binary DOCSIS configuration file.
  • the file name to be parsed is composed of a requested filename and a DOCSIS pathname prefix setting (defined in the LDAP server or the DHCP/DNS information backup). Additionally, a message logfile destination and message log level are received. The level of logging is a configurable setting (e.g., log only errors, log errors and warnings).
  • the filename parsing process outputs a status, success if filename is in proper syntax, or failure if the first portion of the filename matches the DOCSIS request prefix, but the remaining portion of the filename does not have the proper syntax.
  • a warning message Upon failure a warning message will be logged and the failure status returned.
  • Another output is a DOCSIS request boolean flag, this flag is set to true if the first portion of the filename matches the DOCSIS pathname prefix. Because a DOCSIS filename is formed by the DHCP server 122 no special handling is required for operating system specific filename differences such as drive letters or forward versus backward slashes. The DHCP server 122 will use the exact pathname prefix stored in the LDAP directory. The MAC address of the cable modem that the configuration file is being generated for is also output. The parser performs a case insensitive compare of the next portion of the requested filename against “/MAC-”.
  • the parser If the strings match, then extract the remaining portion of the filename and validate that it has the proper format for a MAC Address. If the filename does not pass the tests for a “/MAC-” prefix and valid MAC address, then the parser writes a warning message to the message log (if the desired level of logging information includes warnings) and returns a failure status.
  • Inputs to the generation process include a boolean flag indicating the DOCSIS configuration file is being generated on behalf of the TFTP server 124 . If the file is being generated for the TFTP server 124 , then the generation request will be authenticated and LDAP directory lookups for certain objects will be restricted to the snapshot cache taken at server start-up. Otherwise, the authentication is skipped, the LDAP cache is not pre-populated, and directory lookups may read from the LDAP directory if the object is not found in the cache.
  • the MAC address of the cable modem for which the DOCSIS configuration file is being generated is received as input and used as the key to locate the cable modem object for this cable modem.
  • the TFTP server 124 obtains the MAC address of the cable modem by parsing the special filename in the TFTP request packet sent by the cable modem.
  • the source IP address of the TFTP request packet (or 0 if the configuration file is not being generated on behalf of the TFTP server 124 ) is received by the generation process.
  • the IP address is used to authenticate the DOCSIS configuration file request.
  • the DOCSIS version of the cable modem is received and used to determine the DOCSIS version the generated configuration file should conform to. This allows the process to ignore old configuration options that are no longer applicable in a configuration file that conforms to a new DOCSIS version, or ignore new configuration options that should not be present in a configuration file that conforms to an old DOCSIS version.
  • the TFTP server 124 and the display system 500 obtain the DOCSIS version from the Version attribute of the cable modem object.
  • the LDAP connection is used to obtain the cable modem object, the IP address lease object and other objects directly associated with the cable modem object from the LDAP directory, all other objects are obtained from the directory snapshot cache loaded at server start-up.
  • the LDAP configuration parameters control LDAP access. These include the LDAP search filter, search scope, request time-out, connection count, and LDAP distinguished name (“DN”) to get to the object tree containing the cable modem objects.
  • the TFTP server 124 obtains these parameters from its configuration information stored in the LDAP directory (minimal initial LDAP connection parameters are stored in a local configuration database).
  • the LDAP cache is an in-memory cache of directory objects.
  • the cache When generating a DOCSIS configuration file for the TFTP server 124 , the cache is pre-populated with a snapshot of the directory objects needed for DOCSIS configuration file generation (except for Cable modem objects and objects directly associated with a Cable modem object).
  • the cache When generating a DOCSIS configuration file for the display system 500 the cache is only used to speed up access to directory objects and can be empty.
  • a boolean flag is received, indicating whether directory integrity verification is enabled for checking the contents of directory objects.
  • the TFTP server 124 obtains the value for this flag from the “data-integrity-checking” property stored in a local configuration database.
  • the TFTP server 124 will use this parameter to associate dynamically allocated memory with a particular TFTP client session to ensure all the memory is freed at the end of the session.
  • a message logfile indicating where to write messages to as well as a message log level indicating the level of logging configuration setting e.g., log only errors, log errors and warnings.
  • An indication of success or failure is output. Since the generation algorithm performs various integrity checks and validations, the configuration file generation may fail.
  • Another output is the DOCSIS configuration as an in-memory binary file.
  • This is a complete cable modem binary configuration file as described in the DOCSIS Radio Frequency Interface Specification.
  • the file consists of cable modem-specific configuration data stored as a series of configuration settings formed by type, length and value entries.
  • the TFTP server 124 will download the in-memory configuration file to the cable modem. It may also be written to disk for debug tracing.
  • the display system 500 makes no use of the binary configuration file. Creating a binary configuration file from the display system 500 provides a check that the TFTP server 124 will not encounter problems when it generates the binary configuration file.
  • the DOCSIS configuration as a list of Policy action objects is output.
  • This is a list of Policy action objects indexed by the configuration setting type they represent.
  • the binary configuration file is generated from this list.
  • the list corresponds closely to the binary file, with only automatically generated configuration settings such as the TFTP server Timestamp, CM Message Integrity Service (“MIC”), CMTS MIC, End-of-Data Marker, etc. missing from the list.
  • the TFTP server 124 makes no direct use of the policy action list.
  • the display system 500 uses the policy action list to generate the “list all cable modem options” display.
  • the in-memory configuration file can not be used for this purpose as it only contains the actual configuration settings.
  • the “list all cable modem options” display provides information about the policies that caused the particular configuration setting to be generated. It is this information that the policy action objects provide.
  • the DOCSIS configuration file is being generated based upon a TFTP request from a cable modem, rather than for display in the display system 500 , then an attempt is made to detect the case where a rogue cable modem tries to configure itself with options reserved for another cable modem.
  • the network address list type is obtained from the IP address lease object, it specifies the format of the IP address contained in the network address list. Confirm that the network address list type exists and has a value of 0. If this check fails, then the directory or cache is corrupt and the configuration file generation aborts.
  • Validate the source IP address of the TFTP request by comparing the source address of the TFTP request to the IP address of the cable modem obtained from the IP address lease object. If the addresses do not match, then the configuration file is not generated, an informational message is logged, and a status is returned indicating the request could not be authenticated. If the addresses do not match, then one of two conditions is present. Either the DHCP server 122 has not yet updated the cable modem object with this cable modem's current information or a rogue cable modem is trying to configure itself with options reserved for another cable modem. In either event, the TFTP server 124 will ignore the request, forcing the cable modem to retry later.
  • Step 406 Locate the Cable Modem Vendor Based Configuration Policy
  • the vendor prefix is the three octet prefix of the MAC address.
  • a missing vendor based policy is allowed since the vendor of the cable modem may be under the control of the subscriber, whereas other policy objects are based on items controlled by the Multiple Service Organization (“MSO”). If multiple dictionary entry objects are returned by the search, then the directory or cache is corrupt, and the configuration file generation aborts.
  • MSO Multiple Service Organization
  • the vendor name associated with the vendor prefix by obtaining the value of the dictionary entry name from the dictionary entry object (this should be the unique vendor name). If the dictionary entry name attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt, and the configuration file generation aborts.
  • Locate the vendor modem provision object by searching for a vendor modem provision object whose element name value matches the unique vendor name obtained from the dictionary. If a vendor modem provision object is not found for the vendor name an informational message is logged and the configuration file generation proceeds without a vendor based configuration policy. If multiple vendor modem provision objects are returned by the search, then the LDAP directory or cache is corrupt, and the configuration file generation aborts.
  • Step 408 Locate the Subnet Based Configuration Policy
  • Locate the subnet based configuration policy by first locating the subnet modem provision object by searching for a subnet modem provision object whose network address list attribute contains an IP address/mask that matches the bits of the cable modem's IP address. The search may return multiple subnet modem provision objects as subnets can overlap. If multiple objects are returned, they are sorted by mask and the object with the largest mask (and therefore smallest subnet) is selected. Second, verify the element type contains the required value of “Subnet” and confirm the network address list type attribute of the subnet modem provision object is 1. If either of these checks fail, then the directory or cache is corrupt and the configuration file generation aborts.
  • CMTS modem provision object via the parent element attribute value from the subnet modem provision object previously located. If the parent element attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
  • CMTS modem provision object Locate the CMTS modem provision object using the distinguished name obtained from the parent element in the previous step. If a CMTS modem provision object is not found or if multiple CMTS modem provision objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
  • CMTS modem provision object located in the previous section. If the parent element attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
  • Locate the CMTS group modem provision object by searching for a CMTS group modem provision object using the distinguished name obtained from the parent element in the previous step. If a CMTS group modem provision object is not found or if multiple CMTS group modem provision objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
  • Verify element type contains and element name attributes have a value of “SystemDefault”. Confirm the parent element attribute has a null value. If any of these checks fail, then the directory or cache is corrupt and the configuration file generation aborts.
  • Locate the service tuples for each service package and for each service package locate the dictionary entry object whose dictionary entry type attribute value is “service-package” and whose dictionary entry name attribute matches the name of the service package. If a Dictionary entry object is not found, or multiple objects are found, then the directory or cache is corrupt and the configuration file generation aborts. Obtain the dictionary entry data attribute values from the dictionary entry object. This is the list of service type and service level tuples required to support the service package. If the dictionary entry data attribute is not present, or the attribute has no value, or the value is empty, then the directory or cache is corrupt and the configuration file generation aborts. Append these values to the list of service tuples for the cable modem being configured and continue to process the next service package obtained from the cable modem object.
  • Policies are applied to the list of service tuples to form a list of policy action objects.
  • CMTS group modem provision CMTS modem provision, subnet modem provision, vendor modem provision and cable modem objects obtained in the previous steps, in the order given, perform the following:
  • Locate the modem provision policy by searching for a modem provision policy object using the distinguished name obtained from the policy list attribute value in the previous step. If the configuration file generation is being performed on behalf of the TFTP server 124 , then the search will be confined to the pre-populated LDAP cache, unless the current list of policies came from the cable modem object, in which case the cache is bypassed and the LDAP directory is searched directly. This is done for the all of the searches in this section and allows the TFTP server 124 to access policy objects that are directly associated with the cable modem the configuration file is being generated for. If a modem provision policy object is not found or if multiple objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
  • the policy condition set attribute from the modem provision policy object. If the policy condition set attribute is not present, or the attribute does not have a value, or the value is an empty string, then the LDAP directory or cache is considered corrupt, an error message is logged, and the configuration file generation aborts in error.
  • Verify that the policy condition set attribute has the required form by verifying that it contains one and only one value. If this check fails, then the directory or cache is corrupt and the configuration file generation aborts.
  • Locate the policy condition object by searching with the distinguished name obtained from the policy condition set attribute value in the previous step. If a policy condition object is not found or if multiple objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
  • Apply the policy for each of the values obtained from the policy action set attribute First, locate the policy action object by searching for a policy action object using the distinguished name obtained from the policy action set attribute value in the previous step. If a policy action object is not found or if multiple objects are found, then the directory or cache is corrupt and the configuration file generation aborts. Then, append the policy action object to the list of policy action objects for the cable modem being configured and process the next value obtained from the policy action set attribute.
  • Verify the option specified is configurable by the administrator by confirming that the number is not 0 (Pad), 6 (CM MIC), 7 (CMTS MIC), 14 (CPE Ethernet MAC Address), 19 (TFTP Server Timestamp), 20 ( TFTP Server Provisioned Modem Address), or 255 (End-of-Data). Encodings for these configuration settings will be created when the configuration file is generated and can not be specified by the administrator. If any of the checks fail, then the directory or cache is corrupt and the configuration file generation aborts.
  • rule given in the option operand is “S”, then discard the current policy action object and continue the configuration file generation with the next object in the list constructed in the previous phase, otherwise the sub-option is not suppressed, proceed to the next step. If the option does not have sub-options or is multi-valued, then rules apply to all instances of the option. Obtain the option operand attribute value from the last policy action object in the list map for this major option number. If the rule is “S”, then discard the current policy action object and continue the configuration file generation with the next policy action object in the list constructed in the previous phase.
  • option operand attribute value from the Policy action object. If the option operand attribute is not present, or the attribute does not have a value, or the attribute has multiple values, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
  • Verify the modem option rule by confirming the value is “R” (Replace), “A” (Append), or “S” (Suppress). If the option is not multi-valued, confirm the value is not “A”. If any of these checks fail, then the directory or cache is considered corrupt and the configuration file generation aborts.
  • rule appends the policy action object to the list in the map for this option number and continue the configuration file generation with the next policy action object in the list constructed in the previous phase. Otherwise, the rule is “R”. If the option has sub-options but is not multi-valued, then rules apply to individual sub-options and each policy action object must checked. Scan the object list in the map and remove policy action objects whose complete option number match the complete option number of the object being processed. Append the policy action object being processed to the end of the list. Otherwise, the replace rule applies to all instances. Empty the object list in the map for this option number and insert the policy action object in the empty list.
  • Obtain the DOCSIS version of the cable modem by obtaining the value of the DOCSIS version attribute (originally from the the Vendor Class Identifier option in the DHCP message) of the IP address lease object previously located. If the attribute is not present, or does not have a value, or the value is the empty string, then use 1.0 as the DOCSIS version of the cable modem. If the DOCSIS version attribute has multiple values, or the value can not be parsed as a “ ⁇ major>. ⁇ minor>” DOCSIS version number, then the directory or cache is corrupt and the configuration file generation aborts.
  • Obtain the DOCSIS version of the CMTS by obtaining the value of the DOCSIS version attribute of the CMTS modem provision object previously located. If the DOCSIS version attribute is not present, or does not have a value, or the value is the empty string, then the DOCSIS version for the CMTS is obtained from the CMTS group modem provision object previously located. If it is not possible to obtain the DOCSIS version from the CMTS group, then the directory or cache is corrupt and the configuration file generation aborts.
  • Remove options not applicable to the DOCSIS version by performing the following steps for each non-empty entry in the modem option number to policy action object list map constructed in the previous phase.
  • Second, obtain the DOCSIS version applicability of the option by obtaining the value of the dictionary entry data attribute from the Dictionary entry object. If the dictionary entry name attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
  • TLV tag-length-value
  • option format information encode the option value into a type, length and value entry and append it to the in-memory binary configuration file (or parent TLV if processing a sub-option).
  • Multi-octet values are encoded in network-byte order, i.e., the octet containing the most-significant bits is first. If this TLV is at the outer level, update the major modem option number to file offset map to reflect the TLV entry that was just added.
  • CPE Ethernet MAC address CPE Ethernet MAC address
  • TFTP server timestamp by obtaining the number of seconds since 00:00 L Jan. 1900 (i.e., RFC-868 time).
  • TFTP server timestamp Generate a TLV entry of type 19 (TFTP server timestamp) and length 4 with the number of seconds as the value and append it to the in-memory binary configuration file.
  • TFTP server 124 provisioned modem address by obtaining the value of the network address list attribute of the cable modem object and encode it into a binary value in network format (this is the IP address of the cable modem).
  • TFTP server provisioned modem address Generate a TLV entry of type 20 (TFTP server provisioned modem address) and length 4 with the IP address of the cable modem as the value and append it to the in-memory binary configuration file.
  • CM MIC by declaring a local variable of type MD5 13 CTX, then call MD5Init to initialize the variable (See RFC 1321: The MD5 Message-Digest Algorithm for more information on MD5 related functionality).
  • MD5Update passing the MD5 context variable, a pointer to the start of the buffer containing the TLV binary values, and the length of the buffer.
  • MD5Final passing the context variable to generate the MD5 digest.
  • the MD5 digest value is contained in the digest field of the context variable and is 16 bytes long. Generate a TLV entry of type 6 (cable modem message integrity check), length 16, with the MD5 digest as the value and append it to the in-memory binary configuration file.
  • CMTS modem provision object previously located. If the CMTS modem provision object is not present, or does not contain a shared secret attribute that has a non-empty value, then obtain the shared secret attribute from the CMTS group modem provision object previously located. If the shared secret attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts. Declare a local array variable to hold pointers to the TLV entries in the binary file for the configuration settings listed in the table above. Declare a second local array to hold the corresponding lengths of the configuration settings (the length includes the type and length bytes).
  • Validate that the configuration settings meet the requirements given by the option-rule and option-format entries in the data dictionary Create an empty list of complete option numbers appearing in the configuration file (this will be used to check for multiple occurrences of options that can not be repeated). Additionally, validate that the mandatory configuration settings are present. For each mandatory option, confirm the major option number is present in the list of complete option numbers that appear in the file. If this check fails, then the configuration file is invalid and the configuration file generation aborts.
  • Validate the length in the TLV entry Read the length octet from the file. If the length octet can not be read because end-of-file has been reached, or a sub-option is being processed and there are no more bytes in the parent TLV entry, then the file is invalid, and the configuration file generation aborts.
  • DOCSIS requires that the length of a TLV entry be between 1 and 254. Confirm the length value given in the TLV entry is in range. Confirm the length does not extend beyond the end of the configuration file. If this is a sub-option, then confirm the length does not extend beyond the end of the parent TLV entry. Check the option property value to see if this option requires a specific length, if it does, then confirm the length given in the TLV entry matches the required length. If any of the checks fail, then the configuration file is invalid and the configuration file generation aborts.
  • Validate multiple entries by checking the option “multi-value” property value, if it is “N”, then multiple entries for this option must not be present. Search the list of complete option numbers that have already appeared in this file, if a match is found, then the configuration file is invalid and the configuration file generation aborts.
  • the generation algorithm needs can be read in at TFTP server 124 start-up and stored in the snapshot cache.
  • the objects that describe a particular cable modem may be created by the DHCP server 122 and modified by the administrator of the DHCP server 122 after the TFTP server 124 has started. For this reason the generation algorithm must read the cable modem objects and objects directly associated with it from the LDAP directory, bypassing any cache. This explains why the snapshot cache can only partially isolate the TFTP server 124 from administrator changes. Any changes made by the administrator to Cable modem directory objects will be immediately visible to the TFTP server 124 .
  • Logging of the DOCSIS file to disk is an optional operation, for example to facilitate debugging.
  • the inputs to the DOCSIS file logging process include the DOCSIS in-memory binary configuration file that is to be logged to disk, the MAC Address of the cable modem that the configuration file was created for, a TFTP subdirectory name, the maximum number of logged DOCSIS files to maintain, the message logfile to write messages to, and the level of logging configuration setting.
  • the outputs from the DOCSIS file logging are the DOCSIS binary configuration file on disk, stored as a disk file in the TFTP subdirectory named during input.
  • the name of the file will be the MAC address in hexadecimal without the separators, prefixed by “CM” and with a “.dcf” suffix. If the file was successfully created and the log level includes activity messages, an activity message will be logged noting the configuration file was saved and specifying the pathname to the file. If any errors are encountered while attempting to create the file (disk full, etc.) an error message will be written to the logfile.
  • FIG. 5 is a schematic diagram showing the display system 500 .
  • the display system 500 generates an annotated configuration file and displays the configuration that would be generated by the TFTP server 124 for a particular cable modem. To insure that the configuration file the display system 500 displays is representative of the one the TFTP server 124 would generate, much of the generation algorithm is shared and results in both a binary configuration file and an annotated configuration file. There are however two differences in the way configuration file generation is performed for the display system 500 verses generation for the TFTP server 124 . Since accessing the display system 500 involves supplying an administrator username/password, generation requests from the display system 500 skip the authentication that confirms the request is legitimate. Authentication will only be performed on generation requests that originate from the TFTP server 124 .
  • the second difference involves the configuration data that will be used to generate the configuration file.
  • the TFTP server 124 will upon start-up create a snapshot of much of the configuration information stored in the LDAP directory and restrict its search for configuration information to this snapshot cache when gathering certain information for the configuration file generation. This partially isolates the TFTP server 124 from configuration changes made by a administrator until the server is reloaded and a new snapshot of the directory objects is taken.
  • the display system 500 display is intended to show the configuration file that would be generated using the configuration information that is currently contained in the LDAP directory, so the pre-populated snapshot cache is not present in the display system 500 .
  • the LDAP connection will be used to obtain objects from the LDAP directory that are not yet present in the directory cache.
  • the present invention generates a binary configuration file, received by a cable modem, for the purposes of setting various configuration options in the cable modem.
  • the present invention is not limited to binary files nor to files capable of setting configuration options.
  • software product initialization files can also be set in accordance with the present invention.

Abstract

A method and apparatus for generating configuration files using policy descriptions is provided. The present invention provides a method of generating a binary configuration file by receiving an identification encoded filename, parsing the identification encoded filename to determine identification parameters, matching the identification parameters to a set of configuration policy data to create configuration file parameters, and generating the binary configuration file from the configuration file parameters. The identification encoded filename can be can be run through an authentication check to provide increased security. Once created, the binary configuration file can also be validated, providing increased integrity. In one aspect of the present invention implemented is provided on a TFTP server. In another aspect of the invention an LDAP server is queried for certain configuration policy data, the configuration policy data being optionally cached on the TFTP server. The resulting configuration can be generated according to the DOCSIS configuration file standard, including removing non-version applicable DOCSIS configuration file parameters. The present invention can also be used to generate an annotated configuration file from the configuration file parameters, the annotated configuration file being viewable through a user interface.

Description

BACKGROUND OF THE INVENTION
The present invention relates generally to data communications devices and more specifically to the generation of configuration files for data communications devices.
TFTP (“Trivial File Transfer Protocol”) is a file transfer protocol implemented on top of the Internet User Datagram protocol (UDP or Datagram). It may be used to copy files between machines on different networks implementing UDP. TFTP is designed to be small and easy to implement. Therefore, it lacks most of the features of a regular FTP. The only thing it can do is read and write files from and to a remote server. It cannot list directories, and has no provisions for user authentication. In common with other Internet protocols, it passes 8 bit bytes of data.
TFTP supports five types of packets:
opcode operation
1 Read request (RRQ)
2 Write request (WRQ)
3 Data (DATA)
4 Acknowledgment (ACK)
5 Error (ERROR)
The TFTP header of a packet contains the opcode associated with that packet.
2 bytes string 1 byte string 1 byte
Opcode Filename 0 Mode 0
An RRQ packet, as depicted above, would contain an opcode of I and a nullterminated Filename and Mode.
DOCSIS (“Data Over Cable Service Interface Specification”) defines technical specifications for equipment at both a subscriber's premises and cable operator headends. A headend is a central distribution point for a coaxial or fiber cable-based transmission system. Signals are received from satellite or other sources, frequencies are converted to appropriate channels, possibly combined with locally originated signals and then rebroadcast to cable subscriber equipment (i.e., cable modems). A cable modem (“CM”) provides access to a network by way of a coaxial connection. Cable modems generally provide faster access than conventional telephone line or ISDN modems.
DHCP (“Dynamic Host Configuration Protocol”) is a network application protocol that assigns a temporary IP address to a network device automatically when the network device connects to the network.
LDAP (Lightweight Directory Access Protocol”) is a network application protocol (designed to work on TCP/IP stacks) used to read and write information from a data store. LDAP is a “lightweight” version of the X.500 specification, it gives client applications the ability to store and retrieve network configuration information, such as a user name, e-mail address, security certificate, or other contact information.
IEEE has developed a set of standards to define methods of access and control on local area networks. The IEEE 802 standards correspond to the physical and data-link layers of the ISO Open Systems Interconnection model, but they divide the data-link layer into two sublayers. The logical link control (LLC) sublayer applies to all IEEE 802 standards and covers station-to-station connections, generation of message frames, and error control. The media access control (MAC) sublayer, dealing with network access and collision detection, differs from one IEEE 802 standard to another: IEEE 802.3 is used for bus networks that use CSMA/CD, both broadband and baseband, and the baseband version is based on the Ethernet standard. IEEE 802.4 is used for bus networks that use token passing, and IEEE 802.5 is used for ring networks that use token passing (token ring networks). In addition, IEEE 802.6 is an emerging standard for metropolitan area networks, which transmit data, voice, and video over distances of more than five kilometers.
CMTS (“Cable Modem Termination Service”) is a headend device than can act as a cable modem router.
Typically, a computer network providing cable modem access is configured with a host computer connected to a cable modem either directly or through an Ethernet connection. The cable modem is ultimately connected to a CMTS, the CMTS provides access to other networks (e.g., the Internet) and servers (e.g., TFTP, LDAP, DHCP) attached to the networks.
Cable modems are configured using DOCSIS compliant files typically transferred from a TFTP server. These configuration files are binary files, consisting of a sequence of 8-bit data, as distinguished from files consisting of human-readable ASCII text. Binary files are usually in a form readable only by a program, often compressed or structured in a way that is easy for a particular program to read.
SUMMARY OF THE INVENTION
Managing the DOCSIS compliant configuration files for the many cable modems served by a TFTP server requires a large amount of overhead, both in time and space. The process of updating configuration files as network topology changes is prone to errors due to the large number of cable modems and therefore configuration files that may have to be changed. Additionally, business decisions regarding the various service levels to provide cable modem subscribers are hampered by the complexity and overhead associated with configuration file changes.
Accordingly, a technique is needed to provide improved configuration file management. The present invention provides a method of generating a binary configuration file by receiving an identification encoded filename, parsing the identification encoded filename to determine identification parameters, matching the identification parameters to a set of configuration policy data to create configuration file parameters, and generating the binary configuration file from the configuration file parameters. The identification encoded filename can be can be run through an authentication check to provide increased security. Once created, the binary configuration file can also be validated, providing increased integrity.
In one aspect of the present invention the method is run on a TFTP server. In another aspect of the invention the method involves querying an LDAP server for certain configuration policy data, the configuration policy data being optionally cached on the TFTP server. The resulting configuration can be generated according to the DOCSIS configuration file standard, including removing non-version applicable DOCSIS configuration file parameters when generating the binary configuration file.
The present invention can also be used to generate an annotated configuration file from the configuration file parameters, the annotated configuration file being viewable through a user interface.
In one embodiment the present invention is implemented as a sequence of computer program instructions, these instructions may exist on any computer readable medium, including an electromagnetic wave.
The present invention provides the advantages of allowing for more effective broadband provisioning through better configuration file management as well as allowing for the creation of more flexible subscriber service plans.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a system topology configured according to an embodiment of the present invention.
FIG. 2 is a block diagram of the hierarchy of objects of the File class as embodied in the present invention.
FIG. 3 is a flow diagram showing steps in the configuration file generation process levels as used in an embodiment of the present invention.
FIG. 4 is a flow diagram showing the various steps performed by a preferred embodiment of the present invention.
FIG. 5 is a schematic diagram showing the display system of the present invention.
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular description of preferred embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention.
DETAILED DESCRIPTION OF THE INVENTION
A description of preferred embodiments of the invention follows. A new TFTP service providing DOCSIS file generation capabilities is described; it supports effective broadband provisioning and improved configuration file management. The new TFTP service generates DOCSIS compliant cable modem configuration files with appropriate classes of service, based upon a request from the cable modem and using user registration information stored in an LDAP directory. The new TFTP service runs on a standard RFC-1350 compliant TFTP server. The TFTP server can also be used to perform standard TFTP services, such as downloading software upgrades to cable modems, as well as providing the new service of dynamically generating DOCSIS compliant configuration files.
FIG. 1 is a block diagram of a system topology configured according to an embodiment of the present invention. A computer 100 (e.g., an IBM Personal Computer) is connected via an Ethernet interface to cable modem 102 (e.g., a Cisco Systems uBR904 Cable Modem). The cable modem 102 is connected by coaxial cable to a cable modem termination service 104 (e.g., Cisco Systems uBR7246 Cable Modem Termination Service). The cable modem termination service 104 is housed in a cable headend 118. The cable modem termination service 104 is connected to a router 106 which provides access to network data center 130 which contains a Domain Name Service (“DNS”) server 120, a DHCP server 122, a TFTP server 124 and an LDAP server 125. Router 106 also connects cable modem termination service 104 to the Internet 108 . Multiple Internet servers 110 are connected to Internet 108 and are therefore accessible by users of computers 100 connected into the topology. Certain Internet servers 110 are maintained by Internet service providers 126. Requests for configuration originate at cable modem 102 and travel to TFTP server 124, where a DOCSIS binary configuration file is generated and sent back to cable modem 102.
FIG. 2 is a block diagram of the hierarchy of objects of the Filelnterface class 200 as embodied of the present invention, the following classes define the interfaces the TFTP server 124 will use to access static files and DOCSIS files. The FileInterface class 200 represents a generic file which can be read or written. The StaticFile class 202 inherits from Filelnterface class 200, and represents a file that exists in the file system. The DynamicFile class 204 inherits from FileInterface class 200, and represents a file that exists in memory. The DOCSISFile class 206 inherits from DynamicFile class 204, and represents a DOCSIS compliant configuration file.
The FileInterface class 200 provides the basic operations of open, close, read and write. Flavors of open include, read-only, write-only and read-write. Additionally, flags for appending at end-of-file, open and truncating, creating and opening, and opening only if file doesn't already exist, are defined.
The StaticFile class 202 will inherit from the Filelnterface class 200. The open method will be responsible for checking access controls on the file being accessed and will return access denied, file not found or OK. Access controls will be checked by matching the filename against the administratively configured TFTP home directory and optional alternate paths. The constructor will take an argument specifying the mode of the file transfer, octet or netascii and perform the appropriate transformation on the file data.
The DOCSISFile class 206 will inherit from the DynamicFile class 204 which inherits from the FileInterface class 200. The purpose of the DynamicFile class 204 is to provide a place to put common methods associated with dynamic or in-memory files allowing the TFTP server 124 to be easily extended to serve other types of dynamic files. The open method will be responsible for contacting the LDAP server via the middleware, verifying the client's IP address, constructing a DOCSIS file image in memory and verifying the integrity of that image. The open method may return access denied, file not found, or OK. DOCSIS files can only be opened for reading. As such, the open call will return access denied if a write flag is passed to the open call. The close method will be responsible for releasing all resources associated with the DOCSIS file. DOCSIS files will not be cached in memory beyond the call to close. The constructor will take an argument specifying the IP address of the client requesting the file. This argument is used for validation as described in the next section.
FIG. 3 is a flow diagram showing various steps in the configuration file generation process levels as used in an embodiment of the present invention. The binary configuration process receives an identification encoded filename at Step 300. The identification encoded filename identifies the cable modem 102 for which a binary configuration file is to be generated. The identification encoded filename is parsed at Step 302, breaking out its parameters. It is then checked (Step 304) for authenticity. If the filename is not authentic an authentication error is issued at Step 306 and the process ends, otherwise parameters derived from the identification encoded filename and data located in various data stores is matched against policy data (Step 308). Matching consists of locating policy information for various components (e.g., cable modem vendor, subnet, CMTS, CMTS Group and default policies), constructing lists, applying rules and removing non-applicable options. The results of the matching Step 308 generate a binary configuration file (Step 310). The binary configuration is checked for validity at Step 312, if it is found to be invalid a validation error is issued at Step 314, otherwise the binary configuration file is sent to the cable modem in Step 316.
FIG. 4 is a flow diagram showing the various steps performed by a preferred embodiment of the present invention. In a preferred embodiment of the present invention a DOCSIS configuration file is dynamically generated based upon a RRQ message received by an augmented TFTP server 124. The invention can generate a DOCSIS file for the TFTP server 124 (i.e., a binary configuration file) or a DOCSIS file for the display system 500 (an annotated configuration file). If the configuration file generation is being performed on behalf of the TFTP server 124, then directory searches will be confined to the pre-populated LDAP directory snapshot cache except where noted. Steps being used only for directory verification are to confirm the consistency of the configuration information stored in the LDAP directory or cache and are only performed if the debug option to verify configuration information is enabled. If the configuration file generation aborts, then an error message will be written to the message log. Configuration files can be used to define the equipments's operating mode, such as: downstream and upstream service assignments, assigned frequencies, data rates, modulation schemes, class of service, and type of service.
Parse the TFTP Request's Filename Field (Step 400)
The filename contained in a TFTP read request (RRQ) is parsed to determine if the request is for a normal file, or a binary DOCSIS configuration file. The file name to be parsed is composed of a requested filename and a DOCSIS pathname prefix setting (defined in the LDAP server or the DHCP/DNS information backup). Additionally, a message logfile destination and message log level are received. The level of logging is a configurable setting (e.g., log only errors, log errors and warnings). The filename parsing process outputs a status, success if filename is in proper syntax, or failure if the first portion of the filename matches the DOCSIS request prefix, but the remaining portion of the filename does not have the proper syntax. Upon failure a warning message will be logged and the failure status returned. Another output is a DOCSIS request boolean flag, this flag is set to true if the first portion of the filename matches the DOCSIS pathname prefix. Because a DOCSIS filename is formed by the DHCP server 122 no special handling is required for operating system specific filename differences such as drive letters or forward versus backward slashes. The DHCP server 122 will use the exact pathname prefix stored in the LDAP directory. The MAC address of the cable modem that the configuration file is being generated for is also output. The parser performs a case insensitive compare of the next portion of the requested filename against “/MAC-”. If the strings match, then extract the remaining portion of the filename and validate that it has the proper format for a MAC Address. If the filename does not pass the tests for a “/MAC-” prefix and valid MAC address, then the parser writes a warning message to the message log (if the desired level of logging information includes warnings) and returns a failure status.
Inputs to the Match and Generate Processes
Inputs to the generation process include a boolean flag indicating the DOCSIS configuration file is being generated on behalf of the TFTP server 124. If the file is being generated for the TFTP server 124, then the generation request will be authenticated and LDAP directory lookups for certain objects will be restricted to the snapshot cache taken at server start-up. Otherwise, the authentication is skipped, the LDAP cache is not pre-populated, and directory lookups may read from the LDAP directory if the object is not found in the cache.
The MAC address of the cable modem for which the DOCSIS configuration file is being generated is received as input and used as the key to locate the cable modem object for this cable modem. The TFTP server 124 obtains the MAC address of the cable modem by parsing the special filename in the TFTP request packet sent by the cable modem.
The source IP address of the TFTP request packet (or 0 if the configuration file is not being generated on behalf of the TFTP server 124) is received by the generation process. The IP address is used to authenticate the DOCSIS configuration file request.
The DOCSIS version of the cable modem is received and used to determine the DOCSIS version the generated configuration file should conform to. This allows the process to ignore old configuration options that are no longer applicable in a configuration file that conforms to a new DOCSIS version, or ignore new configuration options that should not be present in a configuration file that conforms to an old DOCSIS version. The TFTP server 124 and the display system 500 obtain the DOCSIS version from the Version attribute of the cable modem object.
The LDAP connection is used to obtain the cable modem object, the IP address lease object and other objects directly associated with the cable modem object from the LDAP directory, all other objects are obtained from the directory snapshot cache loaded at server start-up.
The LDAP configuration parameters control LDAP access. These include the LDAP search filter, search scope, request time-out, connection count, and LDAP distinguished name (“DN”) to get to the object tree containing the cable modem objects. The TFTP server 124 obtains these parameters from its configuration information stored in the LDAP directory (minimal initial LDAP connection parameters are stored in a local configuration database).
The LDAP cache is an in-memory cache of directory objects. When generating a DOCSIS configuration file for the TFTP server 124, the cache is pre-populated with a snapshot of the directory objects needed for DOCSIS configuration file generation (except for Cable modem objects and objects directly associated with a Cable modem object). When generating a DOCSIS configuration file for the display system 500 the cache is only used to speed up access to directory objects and can be empty.
A boolean flag is received, indicating whether directory integrity verification is enabled for checking the contents of directory objects. The TFTP server 124 obtains the value for this flag from the “data-integrity-checking” property stored in a local configuration database.
An indication of which heap to use when dynamically allocating memory is received. The TFTP server 124 will use this parameter to associate dynamically allocated memory with a particular TFTP client session to ensure all the memory is freed at the end of the session.
A message logfile indicating where to write messages to as well as a message log level indicating the level of logging configuration setting (e.g., log only errors, log errors and warnings) is also received.
Outputs From the Match and Generate Processes
An indication of success or failure is output. Since the generation algorithm performs various integrity checks and validations, the configuration file generation may fail.
Another output is the DOCSIS configuration as an in-memory binary file. This is a complete cable modem binary configuration file as described in the DOCSIS Radio Frequency Interface Specification. The file consists of cable modem-specific configuration data stored as a series of configuration settings formed by type, length and value entries. The TFTP server 124 will download the in-memory configuration file to the cable modem. It may also be written to disk for debug tracing. The display system 500 makes no use of the binary configuration file. Creating a binary configuration file from the display system 500 provides a check that the TFTP server 124 will not encounter problems when it generates the binary configuration file.
The DOCSIS configuration as a list of Policy action objects is output. This is a list of Policy action objects indexed by the configuration setting type they represent. The binary configuration file is generated from this list. The list corresponds closely to the binary file, with only automatically generated configuration settings such as the TFTP server Timestamp, CM Message Integrity Service (“MIC”), CMTS MIC, End-of-Data Marker, etc. missing from the list. The TFTP server 124 makes no direct use of the policy action list. The display system 500 uses the policy action list to generate the “list all cable modem options” display. The in-memory configuration file can not be used for this purpose as it only contains the actual configuration settings. In addition to the settings, the “list all cable modem options” display provides information about the policies that caused the particular configuration setting to be generated. It is this information that the policy action objects provide.
Locate the IP Address Lease and Cable Modem Objects (Step 402)
Search the LDAP directory for an IP address lease object and a cable modem object, where each object's MAC address attribute matches the MAC address of the cable modem for which the configuration file is to be generated. The search must bypass the directory cache and go directly to the LDAP directory, otherwise the updates to the objects made by the DHCP server 122, or by other servers, may not be seen. If an IP lease address object is not found, or if a cable modem object is not found, then the configuration file is not generated, an informational message is logged, and a failure status is returned indicating an object representing the IP address lease and/or cable modem could not be located. In this event, the TFTP server 124 will ignore the request, forcing the cable modem to retry later. If multiple IP address lease objects are returned by the search, then the most recently updated IP address lease object is chosen. If multiple Cable modem objects are returned by the search, then the LDAP directory or cache is corrupt, and the configuration file generation aborts.
Authenticate the TFTP Request (Step 404)
If the DOCSIS configuration file is being generated based upon a TFTP request from a cable modem, rather than for display in the display system 500, then an attempt is made to detect the case where a rogue cable modem tries to configure itself with options reserved for another cable modem.
First, verify the network address list type, this step is only for directory verification. The network address list type is obtained from the IP address lease object, it specifies the format of the IP address contained in the network address list. Confirm that the network address list type exists and has a value of 0. If this check fails, then the directory or cache is corrupt and the configuration file generation aborts.
Obtain the IP address of the cable modem and verify network address list, this step is only for directory verification. Confirm that only one value is present in the network address list obtained above. Confirm that the value parses as a legal IP address in CIDR format. If either of these checks fail, then the directory (or cache) is corrupt and the configuration file generation aborts.
Validate the source IP address of the TFTP request by comparing the source address of the TFTP request to the IP address of the cable modem obtained from the IP address lease object. If the addresses do not match, then the configuration file is not generated, an informational message is logged, and a status is returned indicating the request could not be authenticated. If the addresses do not match, then one of two conditions is present. Either the DHCP server 122 has not yet updated the cable modem object with this cable modem's current information or a rogue cable modem is trying to configure itself with options reserved for another cable modem. In either event, the TFTP server 124 will ignore the request, forcing the cable modem to retry later.
Locate the Cable Modem Vendor Based Configuration Policy (Step 406)
Extract the cable modem's vendor prefix from the cable modem's MAC address. The vendor prefix is the three octet prefix of the MAC address. First, locate the dictionary entry for the cable modem's vendor prefix and search for a dictionary entry object whose dictionary entry type is “vendor” and whose dictionary entry data value contains the vendor prefix specified in the MAC address. If a vendor entry is not found for the prefix an informational message is logged and the configuration file generation proceeds without a vendor based configuration policy. This differs from other policy lookups which abort the file generation if a directory object can not be found. A missing vendor based policy is allowed since the vendor of the cable modem may be under the control of the subscriber, whereas other policy objects are based on items controlled by the Multiple Service Organization (“MSO”). If multiple dictionary entry objects are returned by the search, then the directory or cache is corrupt, and the configuration file generation aborts.
Obtain the vendor name associated with the vendor prefix by obtaining the value of the dictionary entry name from the dictionary entry object (this should be the unique vendor name). If the dictionary entry name attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt, and the configuration file generation aborts.
Locate the vendor modem provision object by searching for a vendor modem provision object whose element name value matches the unique vendor name obtained from the dictionary. If a vendor modem provision object is not found for the vendor name an informational message is logged and the configuration file generation proceeds without a vendor based configuration policy. If multiple vendor modem provision objects are returned by the search, then the LDAP directory or cache is corrupt, and the configuration file generation aborts.
Verify that element type is present and has a value of “Vendor”. If this check fails, an error is logged and the configuration file generation aborts in error.
Locate the Subnet Based Configuration Policy (Step 408)
Locate the subnet based configuration policy by first locating the subnet modem provision object by searching for a subnet modem provision object whose network address list attribute contains an IP address/mask that matches the bits of the cable modem's IP address. The search may return multiple subnet modem provision objects as subnets can overlap. If multiple objects are returned, they are sorted by mask and the object with the largest mask (and therefore smallest subnet) is selected. Second, verify the element type contains the required value of “Subnet” and confirm the network address list type attribute of the subnet modem provision object is 1. If either of these checks fail, then the directory or cache is corrupt and the configuration file generation aborts.
Locate the CTMS Based Configuration Policy (Step 410)
Obtain a reference to the CMTS modem provision object via the parent element attribute value from the subnet modem provision object previously located. If the parent element attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
Locate the CMTS modem provision object using the distinguished name obtained from the parent element in the previous step. If a CMTS modem provision object is not found or if multiple CMTS modem provision objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
Verify the element type a value of “CMTS”. If this check fails, then the directory or cache is corrupt and the configuration file generation aborts.
Locate the CTMS Group Based Configuration Policy (Step 412)
Obtain the parent element attribute value from the CMTS modem provision object located in the previous section. If the parent element attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
Locate the CMTS group modem provision object by searching for a CMTS group modem provision object using the distinguished name obtained from the parent element in the previous step. If a CMTS group modem provision object is not found or if multiple CMTS group modem provision objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
Confirm the CMTS group modem provision's element type attribute has a value of “CMTS Group”. If this check fails, then the directory or cache is corrupt and the configuration file generation aborts.
Locate the Default Configuration Policy (Step 414)
Search for the system default modem provision object. If the System default modem provision object is not found or if multiple system default modem provision objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
Verify element type contains and element name attributes have a value of “SystemDefault”. Confirm the parent element attribute has a null value. If any of these checks fail, then the directory or cache is corrupt and the configuration file generation aborts.
Construct a List of Service Tuples (Step 416)
Start by creating an empty list of service tuples for the cable modem we are configuring. Obtain the package list attribute values from the cable modem object. The attribute may be missing, or may have no value, or may be an empty value. This is the case if the subscriber is booting the cable modem for the first time and obtaining a limited-use configuration for access to the user registration process. If a default package list has been specified for unprovisioned modems, then that list will be used, otherwise the list of packages will be empty. If no service packages are found, continue the configuration file generation at the next phase (“Construct a List of Policy action Objects”).
Locate the service tuples for each service package and for each service package: locate the dictionary entry object whose dictionary entry type attribute value is “service-package” and whose dictionary entry name attribute matches the name of the service package. If a Dictionary entry object is not found, or multiple objects are found, then the directory or cache is corrupt and the configuration file generation aborts. Obtain the dictionary entry data attribute values from the dictionary entry object. This is the list of service type and service level tuples required to support the service package. If the dictionary entry data attribute is not present, or the attribute has no value, or the value is empty, then the directory or cache is corrupt and the configuration file generation aborts. Append these values to the list of service tuples for the cable modem being configured and continue to process the next service package obtained from the cable modem object.
Construct a List of Policy Action Objects (Step 418)
Policies are applied to the list of service tuples to form a list of policy action objects. First, create an empty list of policy action objects for the cable modem being configured. Then, for the system default modem provision, CMTS group modem provision, CMTS modem provision, subnet modem provision, vendor modem provision and cable modem objects obtained in the previous steps, in the order given, perform the following:
Obtain the policy list attribute value from the modem provision objects or cable modem object. If the policy list attribute is not present, or the attribute does not have a value, or the value is empty, then continue with the next modem provision objects or cable modem object.
Apply the policies by performing the following for each of the values obtained from the policy list attribute:
Locate the modem provision policy by searching for a modem provision policy object using the distinguished name obtained from the policy list attribute value in the previous step. If the configuration file generation is being performed on behalf of the TFTP server 124, then the search will be confined to the pre-populated LDAP cache, unless the current list of policies came from the cable modem object, in which case the cache is bypassed and the LDAP directory is searched directly. This is done for the all of the searches in this section and allows the TFTP server 124 to access policy objects that are directly associated with the cable modem the configuration file is being generated for. If a modem provision policy object is not found or if multiple objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
Check for a disabled policy by obtaining the policy enabled attribute. If the attribute is present and the value is FALSE, then ignore this policy and continue the configuration file generation with the next policy in the list.
Obtain the policy condition set attribute from the modem provision policy object. If the policy condition set attribute is not present, or the attribute does not have a value, or the value is an empty string, then the LDAP directory or cache is considered corrupt, an error message is logged, and the configuration file generation aborts in error.
Verify that the policy condition set attribute has the required form by verifying that it contains one and only one value. If this check fails, then the directory or cache is corrupt and the configuration file generation aborts.
Locate the policy condition object by searching with the distinguished name obtained from the policy condition set attribute value in the previous step. If a policy condition object is not found or if multiple objects are found, then the directory or cache is corrupt and the configuration file generation aborts.
Obtain the policy constraint attribute values of the policy condition object. If the policy constraint attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
Determine if the policy should be applied for each of the values obtained from the policy constraint attribute, confirm that the value is “COMMON”, or it matches one of the service type, service level pairs in the service tuple list previously created. If any of the constraints fail, then ignore this modem provision policy object and continue the configuration file generation with the next policy in the list.
Obtain the policy action set attribute values of the modem provision policy object. If the Policy action set attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
Apply the policy for each of the values obtained from the policy action set attribute. First, locate the policy action object by searching for a policy action object using the distinguished name obtained from the policy action set attribute value in the previous step. If a policy action object is not found or if multiple objects are found, then the directory or cache is corrupt and the configuration file generation aborts. Then, append the policy action object to the list of policy action objects for the cable modem being configured and process the next value obtained from the policy action set attribute.
Process the next policy in the list obtained from the policy list attribute. Finally, process the next provision object or cable modem object.
Apply the Rules in the Policy Action Objects (Step 420)
Collect all the policy action objects for a particular modem option and apply the rules. Create an empty array to be used for mapping a major modem option number to a list of policy action objects. For each policy action object in the list constructed in the previous phase perform the following:
Obtain the modem option number by obtaining the first option data attribute value. If the option data attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts. Extract the major option number from the “option number=value” string contained in the attribute. Confirm the modem option number obtained is greater than or equal to 0 and less than or equal to 255. If this check fails, then the directory or cache is corrupt and the configuration file generation aborts.
Verify the option specified is configurable by the administrator by confirming that the number is not 0 (Pad), 6 (CM MIC), 7 (CMTS MIC), 14 (CPE Ethernet MAC Address), 19 (TFTP Server Timestamp), 20 ( TFTP Server Provisioned Modem Address), or 255 (End-of-Data). Encodings for these configuration settings will be created when the configuration file is generated and can not be specified by the administrator. If any of the checks fail, then the directory or cache is corrupt and the configuration file generation aborts.
Apply this policy action object by doing the following:
Check for an empty list in map, if there is not already an entry in the major option number to policy action list map for this number, then add this policy action object to the map and continue the configuration file generation with the next policy action object in the list constructed in the previous phase.
Locate the dictionary entry for the option by searching for a dictionary entry object whose dictionary entry type attribute is “option” and whose dictionary entry name attribute value contains the option number. If multiple dictionary entry objects are returned by the search, then the directory or cache is corrupt and the configuration file generation aborts.
Obtain the sub-option and multi-value properties of the option, by obtaining the second and third values of the dictionary entry data attribute from the dictionary entry object. If the dictionary entry name attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
Check for option suppression. If a policy action object with a suppress rule is already present, then the current policy action object can be discarded no matter what its rule is. Check for this case before looking further at the current Policy action object. If the option has sub-options but is not multi-valued, then rules apply to individual sub-options and each policy action object must be checked. Starting at the end of the list, for each policy action object in the list map for this major option number, obtain the complete option number from the value of the option data attribute. If the complete option number matches the complete option number of the policy action object being processed, then obtain the value of the option operand of the policy action object in the list map, otherwise proceed to the next Policy action object in the list. If the rule given in the option operand is “S”, then discard the current policy action object and continue the configuration file generation with the next object in the list constructed in the previous phase, otherwise the sub-option is not suppressed, proceed to the next step. If the option does not have sub-options or is multi-valued, then rules apply to all instances of the option. Obtain the option operand attribute value from the last policy action object in the list map for this major option number. If the rule is “S”, then discard the current policy action object and continue the configuration file generation with the next policy action object in the list constructed in the previous phase.
Obtain the modem option rule by obtaining option operand attribute value from the Policy action object. If the option operand attribute is not present, or the attribute does not have a value, or the attribute has multiple values, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
Verify the modem option rule by confirming the value is “R” (Replace), “A” (Append), or “S” (Suppress). If the option is not multi-valued, confirm the value is not “A”. If any of these checks fail, then the directory or cache is considered corrupt and the configuration file generation aborts.
Apply the Rule, if the rule is “A” or “S”, then append the policy action object to the list in the map for this option number and continue the configuration file generation with the next policy action object in the list constructed in the previous phase. Otherwise, the rule is “R”. If the option has sub-options but is not multi-valued, then rules apply to individual sub-options and each policy action object must checked. Scan the object list in the map and remove policy action objects whose complete option number match the complete option number of the object being processed. Append the policy action object being processed to the end of the list. Otherwise, the replace rule applies to all instances. Empty the object list in the map for this option number and insert the policy action object in the empty list.
Process the next policy action object in the list constructed in the previous phase.
Remove Options Not Applicable to the DOCSIS Version (Step 422)
Obtain the DOCSIS version of the cable modem by obtaining the value of the DOCSIS version attribute (originally from the the Vendor Class Identifier option in the DHCP message) of the IP address lease object previously located. If the attribute is not present, or does not have a value, or the value is the empty string, then use 1.0 as the DOCSIS version of the cable modem. If the DOCSIS version attribute has multiple values, or the value can not be parsed as a “<major>.<minor>” DOCSIS version number, then the directory or cache is corrupt and the configuration file generation aborts.
Obtain the DOCSIS version of the CMTS by obtaining the value of the DOCSIS version attribute of the CMTS modem provision object previously located. If the DOCSIS version attribute is not present, or does not have a value, or the value is the empty string, then the DOCSIS version for the CMTS is obtained from the CMTS group modem provision object previously located. If it is not possible to obtain the DOCSIS version from the CMTS group, then the directory or cache is corrupt and the configuration file generation aborts.
Determine the DOCSIS version to use by comparing the DOCSIS version of the cable modem to the DOCSIS version of the CMTS and select the minimum of the two as the DOCSIS version the configuration file should conform to.
Remove options not applicable to the DOCSIS version by performing the following steps for each non-empty entry in the modem option number to policy action object list map constructed in the previous phase. First, locate the dictionary entry for the option by searching for a dictionary entry object whose dictionary entry type attribute is “option” and whose dictionary entry name attribute value contains the option number. If multiple dictionary entry objects are returned by the search, then the directory or cache is corrupt and the configuration file generation aborts. Second, obtain the DOCSIS version applicability of the option by obtaining the value of the dictionary entry data attribute from the Dictionary entry object. If the dictionary entry name attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts. Third, remove the option if it is not applicable by comparing the DOCSIS version requirements of the option to the DOCSIS version to which the configuration file being generated must conform. If the option is not applicable, then empty the policy action object list for this option number in the map. Lastly, process the next non-empty entry in the modem option number to policy action object list map.
Construct the Binary Configuration File (Step 424)
Create the tag-length-value (“TLV”)” entries for the configured options by creating an empty element array to be used for mapping a modem option number to the offset in the binary configuration file of the last TLV entry created for that option (this will be used when generating the CMTS MIC). For each non-empty entry in the modem option number to policy action object list map, traverse the list of policy action objects performing the following steps:
First, skip suppressed options by obtaining the option operand attribute value from the policy action object. If the option operand attribute is not present, or the attribute does not have a value, or the attribute has multiple values, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts. If the value is “S”, proceed to the next policy action object. Obtain the modem option values by obtaining the option data attribute values from the policy action object. If the option data attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts. Construct the TLV entries starting at the major option number level, for each option data attribute value perform the following:
Locate the dictionary entry for the option format by extracting the complete option or sub-option number from the “option number=value” string contained in the attribute value, if the number of sub-option levels contained in the option number is greater than the option level being processed, then recurse to build a TLV for the sub-option, if the number of sub-option levels contained in the option number is less than the option level being processed, then the end of a sub-option value has been reached, return to the caller. If any of the higher level option numbers have changed, then the end of the option value has been reached, return to the caller. If the option number at the current level is less than or equal to the previous option number, then the end of the option value has been reached, start a new TLV entry and continue processing.
Locate the dictionary entry for the option format by searching for a dictionary entry object whose dictionary entry type attribute is “option-format” and whose dictionary entry name attribute value contains the complete option number. If multiple dictionary entry objects are returned by the search, then the directory or cache is corrupt and the configuration file generation aborts.
Obtain the option format by obtaining the value of the dictionary entry data attribute from the Dictionary entry object. If the dictionary entry name attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
Generate the TLV entry by extracting the option value from the “option number=value” string contained in the option data attribute. Using the option format information encode the option value into a type, length and value entry and append it to the in-memory binary configuration file (or parent TLV if processing a sub-option). Multi-octet values are encoded in network-byte order, i.e., the octet containing the most-significant bits is first. If this TLV is at the outer level, update the major modem option number to file offset map to reflect the TLV entry that was just added.
Continue processing with the next value of the option data attribute and continue processing with the next policy action object either from the current list, or from the next list in the option array.
Second, generate the CPE Ethernet MAC address entries by obtaining the values of the computer list attribute of the cable modem object. These values are references to customer premise equipment objects. For each value, locate the customer premise equipment object by searching for a customer premise equipment object using the distinguished name obtained from the computer list attribute. If multiple customer premise equipment objects are returned by the search, then the directory or cache is corrupt and the configuration file generation aborts. Next, obtain the MAC address by obtain the value of the MAC address attribute of the customer premise equipment object. If the MAC address attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts. Then, generate a TLV entry of type 14 (CPE Ethernet MAC address) and length 6 with the MAC address as the value and append it to the in-memory binary configuration file and process the next value in the list obtained from the computer list attribute.
Third, generate the TFTP server timestamp by obtaining the number of seconds since 00:00 L Jan. 1900 (i.e., RFC-868 time). Generate a TLV entry of type 19 (TFTP server timestamp) and length 4 with the number of seconds as the value and append it to the in-memory binary configuration file.
Fourth, generate the TFTP server 124 provisioned modem address by obtaining the value of the network address list attribute of the cable modem object and encode it into a binary value in network format (this is the IP address of the cable modem). Generate a TLV entry of type 20 (TFTP server provisioned modem address) and length 4 with the IP address of the cable modem as the value and append it to the in-memory binary configuration file.
Fifth, generate the CM MIC by declaring a local variable of type MD513 CTX, then call MD5Init to initialize the variable (See RFC 1321: The MD5 Message-Digest Algorithm for more information on MD5 related functionality). Call MD5Update passing the MD5 context variable, a pointer to the start of the buffer containing the TLV binary values, and the length of the buffer. Call MD5Final passing the context variable to generate the MD5 digest. The MD5 digest value is contained in the digest field of the context variable and is 16 bytes long. Generate a TLV entry of type 6 (cable modem message integrity check), length 16, with the MD5 digest as the value and append it to the in-memory binary configuration file.
Sixth, generate the CMTS MIC using the HMAC-MD5 mechanism described in RFC-2104. It is calculated only over the following configuration settings (when present) and in the order shown:
TABLE 1
Options Included in CMTS MIC
Type Description
 1 Downstream Frequency
 2 Upstream Channel ID
 3 Network Access Control
 4 Class of Service
17 Baseline Privacy Configuration Settings
43 Vendor-specific Information
 6 CM MIC
18 Maximum Number of CPEs
19 TFTP Server Timestamp
20 TFTP Server Provisioned Modem Address
22 Upstream Packet Classification
23 Downstream Packet Classification
24 Upstream Flow Scheduling
25 Downstream Flow Scheduling
28 Maximum Number of Classifiers
29 Privacy Enable
26 Payload Header Suppression
Obtain the shared secret attribute from the CMTS modem provision object previously located. If the CMTS modem provision object is not present, or does not contain a shared secret attribute that has a non-empty value, then obtain the shared secret attribute from the CMTS group modem provision object previously located. If the shared secret attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts. Declare a local array variable to hold pointers to the TLV entries in the binary file for the configuration settings listed in the table above. Declare a second local array to hold the corresponding lengths of the configuration settings (the length includes the type and length bytes). Fill in these arrays using the major option number to file offset map created when the configuration file was generated. Declare a local variable to hold the HMAC-MD5 digest. Call seclib13 hash13 passing the array of buffer pointers, the array of buffer lengths, the number of buffers, the key (from shared secret), the key length, and the output buffer and length to return the HMAC-MD5 digest in. Generate a TLV entry of type 7 (CMTS message integrity check), length 16, with the HMAC-MD5 digest as the value and append it to the in-memory binary configuration file.
Seventh, add an end-of-data marker to terminate the binary configuration file by generating a special TLV entry that only contains the type field which is set to 255 (end-of-data) and append it to the in-memory binary configuration file.
Validate the Binary File (Step 426)
Validate that the configuration settings meet the requirements given by the option-rule and option-format entries in the data dictionary. Create an empty list of complete option numbers appearing in the configuration file (this will be used to check for multiple occurrences of options that can not be repeated). Additionally, validate that the mandatory configuration settings are present. For each mandatory option, confirm the major option number is present in the list of complete option numbers that appear in the file. If this check fails, then the configuration file is invalid and the configuration file generation aborts.
Starting at the major option number level, for each TLV entry perform the following:
Obtain the type from the TLV entry. Check and see that a sub-option is being processed and the end of the parent TLV has been reached. If this is the case, then return from the recursive processing of the sub-options. Read the type octet from the file. If the type octet can not be read because end-of-file has been reached, then an end-of-data marker is missing, the file is invalid, and the configuration file generation aborts.
Validate that the sub-option combination rules are obeyed. If the end of a parent TLV has been reached, then the bit-map of sub-options present in the TLV must be validated against the option rules.
Locate the dictionary entry for the option rules by searching for a dictionary entry object whose dictionary entry type attribute is “option-rule” and whose dictionary entry name attribute value contains the complete option number. If multiple dictionary entry objects are returned by the search, then the directory or cache is corrupt and the configuration file generation aborts.
Check the bit-map against the rules. For the required sub-option rule, confirm the bit-map indicates the sub-option is present for each of the sub-options listed in the rule. For the co-dependent sub-option rule, check the first sub-option listed in the rule, if the bit-map indicates the sub-option is present, then confirm that all the other sub-options listed in the rule are also present, otherwise confirm the others are not present. For the co-destructive sub-options, count the number of sub-options listed in the rule the bit-map indicates are present. Confirm this count is not greater than one. If any of the checks fail, then the configuration file is invalid and the configuration file generation aborts.
Check for end-of-data marker. If the type is 255, then the end of the configuration settings has been reached. Confirm the major option level is being processed (an end-of-data marker can not appear in a sub-option), an end-of-file has been reached, or all remaining bytes in the file are 0 (Pad configuration setting). If any of the checks fail, then the configuration file is invalid and the configuration file generation aborts.
Check for pad configuration setting. If the type is 0 (pad configuration setting), then the configuration file is invalid and the configuration file generation aborts. The pad configuration setting can only appear after the end-of-data marker.
Locate the dictionary entry for the option by searching for a dictionary entry object whose dictionary entry type attribute is “option” and whose dictionary entry name attribute value contains the complete option number. If multiple dictionary entry objects are returned by the search, then the directory or cache is corrupt and the configuration file generation aborts.
Obtain the option properties by obtaining the values of the dictionary entry data attribute from the Dictionary entry object. If the dictionary entry name attribute is not present, or the attribute does not have a value, or the value is an empty string, then the directory or cache is corrupt and the configuration file generation aborts.
Validate the length in the TLV entry. Read the length octet from the file. If the length octet can not be read because end-of-file has been reached, or a sub-option is being processed and there are no more bytes in the parent TLV entry, then the file is invalid, and the configuration file generation aborts. DOCSIS requires that the length of a TLV entry be between 1 and 254. Confirm the length value given in the TLV entry is in range. Confirm the length does not extend beyond the end of the configuration file. If this is a sub-option, then confirm the length does not extend beyond the end of the parent TLV entry. Check the option property value to see if this option requires a specific length, if it does, then confirm the length given in the TLV entry matches the required length. If any of the checks fail, then the configuration file is invalid and the configuration file generation aborts.
Determine if the value contains sub-options by check the option “sub-options” property value, if it is “Y”, then recurse to validate the TLV entries for the sub-option. While processing the sub-options use a bit-map to record the sub-options that are present.
Validate multiple entries by checking the option “multi-value” property value, if it is “N”, then multiple entries for this option must not be present. Search the list of complete option numbers that have already appeared in this file, if a match is found, then the configuration file is invalid and the configuration file generation aborts.
Record this option in the list of options found by entering the complete option number in the list of options found in this configuration file and process the next TLV entry in the configuration file, or in the parent's TLV entry, if sub-options are being validated.
Caching
Not all of the configuration information the generation algorithm needs can be read in at TFTP server 124 start-up and stored in the snapshot cache. The objects that describe a particular cable modem may be created by the DHCP server 122 and modified by the administrator of the DHCP server 122 after the TFTP server 124 has started. For this reason the generation algorithm must read the cable modem objects and objects directly associated with it from the LDAP directory, bypassing any cache. This explains why the snapshot cache can only partially isolate the TFTP server 124 from administrator changes. Any changes made by the administrator to Cable modem directory objects will be immediately visible to the TFTP server 124.
DOCSIS File Logging
Logging of the DOCSIS file to disk is an optional operation, for example to facilitate debugging. The inputs to the DOCSIS file logging process include the DOCSIS in-memory binary configuration file that is to be logged to disk, the MAC Address of the cable modem that the configuration file was created for, a TFTP subdirectory name, the maximum number of logged DOCSIS files to maintain, the message logfile to write messages to, and the level of logging configuration setting.
The outputs from the DOCSIS file logging are the DOCSIS binary configuration file on disk, stored as a disk file in the TFTP subdirectory named during input. The name of the file will be the MAC address in hexadecimal without the separators, prefixed by “CM” and with a “.dcf” suffix. If the file was successfully created and the log level includes activity messages, an activity message will be logged noting the configuration file was saved and specifying the pathname to the file. If any errors are encountered while attempting to create the file (disk full, etc.) an error message will be written to the logfile.
FIG. 5 is a schematic diagram showing the display system 500. The display system 500 generates an annotated configuration file and displays the configuration that would be generated by the TFTP server 124 for a particular cable modem. To insure that the configuration file the display system 500 displays is representative of the one the TFTP server 124 would generate, much of the generation algorithm is shared and results in both a binary configuration file and an annotated configuration file. There are however two differences in the way configuration file generation is performed for the display system 500 verses generation for the TFTP server 124. Since accessing the display system 500 involves supplying an administrator username/password, generation requests from the display system 500 skip the authentication that confirms the request is legitimate. Authentication will only be performed on generation requests that originate from the TFTP server 124. The second difference involves the configuration data that will be used to generate the configuration file. To minimize concurrency issues with changes to configuration information made by an administrator while the TFTP server 124 is running, the TFTP server 124 will upon start-up create a snapshot of much of the configuration information stored in the LDAP directory and restrict its search for configuration information to this snapshot cache when gathering certain information for the configuration file generation. This partially isolates the TFTP server 124 from configuration changes made by a administrator until the server is reloaded and a new snapshot of the directory objects is taken. The display system 500 display is intended to show the configuration file that would be generated using the configuration information that is currently contained in the LDAP directory, so the pre-populated snapshot cache is not present in the display system 500. When generating a DOCSIS configuration file for the display system 500, the LDAP connection will be used to obtain objects from the LDAP directory that are not yet present in the directory cache.
While this invention has been particularly shown and described with references to preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.
In one particular embodiment the present invention generates a binary configuration file, received by a cable modem, for the purposes of setting various configuration options in the cable modem. The present invention is not limited to binary files nor to files capable of setting configuration options. For example, software product initialization files can also be set in accordance with the present invention.

Claims (22)

What is claimed is:
1. A method of providing a configuration file to a configurable network device capable of sending a source identification encoded filename, comprising the steps of:
receiving the source identification encoded filename from the configurable network device;
parsing the source identification encoded filename to determine identification parameters;
matching the identification parameters to a set of configuration policy data to create configuration file parameters;
generating the configuration file from the configuration file parameters; and
sending the configuration file to the configurable network device.
2. The method of claim 1 further comprising the step of:
authenticating the source identification encoded filename.
3. The method of claim 1 further comprising the step of:
validating the configuration file.
4. The method of claim 1 wherein the steps are executed on a TFTP server, the source identification encoded filename is received from a cable modem and the configuration file is sent back to the cable modem.
5. The method of claim 4 wherein matching further comprises: querying an LDAP server for certain configuration policy data.
6. The method of claim 5 wherein the LDAP configuration parameters are cached on the TFTP server.
7. The method of claim 4 wherein the configuration file is a DOCSIS compliant file.
8. The method of claim 7 wherein non-version applicable DOCSIS configuration file parameters are not included when generating the configuration file.
9. The method of claim 1 further comprising the steps of:
generating an annotated configuration file from the configuration file parameters, the annotated configuration file being viewable through a user interface.
10. The method of claim 1 wherein the configuration file parameters are drawn from a hierarchy of policy elements that correspond to the physical or logical network topology.
11. A configuration file provider apparatus responsive to a configurable network device capable of sending a source identification encoded filenme, comprising:
a receiver receiving the source identification encoded filename from the configurable network device;
a parser determining identification parameters from the source identification encoded filename received from the configurable network device;
a matcher matching the identification parameters to a set of configuration policy data to create configuration file parameters;
a generator generating the configuration file from the configuration file parameters; and
a sender sending the configuration file to the configurable network device.
12. The apparatus of claim 11 further comprising:
an authenticator authenticating the source identification encoded filename.
13. The apparatus of claim 1 further comprising:
a validator validating the configuration file.
14. The apparatus of claim 11 wherein the parser, the matcher, the generator and the transmitter are components of a TFTP server, the source identification encoded filename is received from a cable modem and the configuration file is sent back to the cable modem.
15. The apparatus of claim 14 wherein the matcher further comprises: a query processor querying an LDAP server for certain configuration policy data.
16. The apparatus of claim 15 wherein the LDAP configuration parameters are cached on the TFTP server.
17. The apparatus of claim 14 wherein the configuration file is a DOCSIS compliant file.
18. The apparatus of claim 17 wherein non-version applicable DOCSIS configuration file parameters are not included when the generator generates the configuration file.
19. The apparatus of claim 11 further comprising:
a reporter generating an annotated configuration file from the configuration file parameters, the annotated configuration file being viewable through a user interface.
20. The apparatus of claim 11 wherein the configuration file parameters are drawn from a hierarchy of policy elements that correspond to the physical or logical network topology.
21. A computer program product comprising:
a computer usable medium for providing a configuration file to a configurable network device capable of sending a source identification encoded filename;
a set of computer program instructions embodied on the computer usable medium, including instructions to:
receive the source identification encoded filename from a the configurable network device;
parse the source identification encoded filename to determine identification parameters;
match the identification parameters to a set of configuration policy data to create configuration file parameters;
generate the configuration file from the configuration file parameters; and
send the configuration file to the configurable network device.
22. A propagated signal carried on an electromagnetic waveform for providing a configuration file to a configurable network device capable of sending a source identification encoded filename, the signal comprising a set of computer program instructions to:
receive the source identification encoded filename from the configurable network device;
parse the source identification encoded filename to determine identification parameters;
match the identification parameters to a set of configuration policy data to create configuration file parameters;
generate the configuration file from the configuration file parameters; and
send the configuration file to the configurable network device.
US09/470,105 1999-12-22 1999-12-22 Method and apparatus for generating configuration files using policy descriptions Expired - Lifetime US6598057B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/470,105 US6598057B1 (en) 1999-12-22 1999-12-22 Method and apparatus for generating configuration files using policy descriptions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/470,105 US6598057B1 (en) 1999-12-22 1999-12-22 Method and apparatus for generating configuration files using policy descriptions

Publications (1)

Publication Number Publication Date
US6598057B1 true US6598057B1 (en) 2003-07-22

Family

ID=23866294

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/470,105 Expired - Lifetime US6598057B1 (en) 1999-12-22 1999-12-22 Method and apparatus for generating configuration files using policy descriptions

Country Status (1)

Country Link
US (1) US6598057B1 (en)

Cited By (83)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010038645A1 (en) * 2000-05-19 2001-11-08 Mckinnin Martin W. Allocating access across a shared communications medium of a DOCSIS 1.0 compliant cable network
US20020016857A1 (en) * 2000-06-20 2002-02-07 Adi Harari Address contact information retrieval, synchronization, and storage system
US20020046263A1 (en) * 2000-10-12 2002-04-18 Jacques Camerini Method of configuring an automation module on a TCP/IP network
US20020052937A1 (en) * 2000-11-02 2002-05-02 Microsoft Corporation Method and apparatus for verifying the contents of a global configuration file
US20020051204A1 (en) * 2000-06-05 2002-05-02 Fuji Xerox Co., Ltd. Printing system and printing control method therefor
US20020059404A1 (en) * 2000-03-20 2002-05-16 Schaaf Richard W. Organizing and combining a hierarchy of configuration parameters to produce an entity profile for an entity associated with a communications network
US20020087718A1 (en) * 2000-12-29 2002-07-04 Ibm Corporation Authentication referral search for LDAP
US20020198975A1 (en) * 2001-06-26 2002-12-26 Bogia Douglas P. Method for managing an appliance
US20030028521A1 (en) * 2001-07-16 2003-02-06 John Teloh Configuration for a storage network
US20030046352A1 (en) * 2001-03-13 2003-03-06 Takeo Katsuda Device, method and program product for data transmission management
US20030058794A1 (en) * 2001-09-27 2003-03-27 Broadcom Corporation Hardware filtering of unsolicited grant service extended headers
US20030105838A1 (en) * 2001-11-30 2003-06-05 Presley Darryl Lee System and method for actively managing an enterprise of configurable components
US20030126565A1 (en) * 2001-12-28 2003-07-03 International Business Machines Corporation Method and system for a timing based logic entry
US20030169735A1 (en) * 2002-03-05 2003-09-11 Broadcom Corporation Method, apparatus and computer program product for performing data packet classification
US20030177389A1 (en) * 2002-03-06 2003-09-18 Zone Labs, Inc. System and methodology for security policy arbitration
US20030217126A1 (en) * 2002-05-14 2003-11-20 Polcha Andrew J. System and method for automatically configuring remote computer
US20040019670A1 (en) * 2002-07-25 2004-01-29 Sridatta Viswanath Pluggable semantic verification and validation of configuration data
US6715075B1 (en) * 1999-07-08 2004-03-30 Intel Corporation Providing a configuration file to a communication device
US20040078591A1 (en) * 2002-10-18 2004-04-22 Zone Labs, Inc. Security System And Methodology For Providing Indirect Access Control
US20040107360A1 (en) * 2002-12-02 2004-06-03 Zone Labs, Inc. System and Methodology for Policy Enforcement
US20040167984A1 (en) * 2001-07-06 2004-08-26 Zone Labs, Inc. System Providing Methodology for Access Control with Cooperative Enforcement
US20050005154A1 (en) * 2003-07-03 2005-01-06 Andrew Danforth Method to block unauthorized access to TFTP server configuration files
US20050005145A1 (en) * 2003-07-02 2005-01-06 Zone Labs, Inc. System and Methodology Providing Information Lockbox
US20050015810A1 (en) * 2003-07-14 2005-01-20 Kenneth Gould System and method for managing provisioning parameters in a cable network
US20050076386A1 (en) * 2002-11-12 2005-04-07 Wade Carter Method and system for provisioning specification subsets for standards-based communication network devices
US20050198685A1 (en) * 2004-01-29 2005-09-08 Allen Walston Method and system for automatic support for multiple DOCSIS versions in a user device
US6993657B1 (en) 2000-09-08 2006-01-31 Oracle International Corporation Techniques for managing database systems with a community server
US7010802B1 (en) * 2000-03-01 2006-03-07 Conexant Systems, Inc. Programmable pattern match engine
US20060074952A1 (en) * 2004-09-27 2006-04-06 Rothman Michael A System and method to enable platform personality migration
US20060120282A1 (en) * 2000-05-19 2006-06-08 Carlson William S Apparatus and methods for incorporating bandwidth forecasting and dynamic bandwidth allocation into a broadband communication system
US7062642B1 (en) * 2000-05-20 2006-06-13 Ciena Corporation Policy based provisioning of network device resources
US20060218612A1 (en) * 2005-03-01 2006-09-28 Keith Johnson Fault detection and isolation system for an HFC cable network and method therefor
US20060218609A1 (en) * 2005-03-01 2006-09-28 Keith Johnson Early warning fault identification and isolation system for a two-way cable network
US20060236379A1 (en) * 2005-03-30 2006-10-19 Ali Negahdar Method and system for in-field recovery of security when a certificate authority has been compromised
US7130922B1 (en) * 2000-12-22 2006-10-31 Sprint Communications Comapny L.P. Integrated services hub reboot process
US7139818B1 (en) 2001-10-04 2006-11-21 Cisco Technology, Inc. Techniques for dynamic host configuration without direct communications between client and server
US20060262801A1 (en) * 2005-05-17 2006-11-23 Cisco Technology, Inc. Method and system for annotating configuration files
US20060294209A1 (en) * 2005-06-27 2006-12-28 Microsoft Corporation Pre-configured settings for portable devices
US20070005950A1 (en) * 2005-07-01 2007-01-04 Novell, Inc. System and method for enabling automated run-time input to network bootstrapping processes
US20070019557A1 (en) * 2005-07-21 2007-01-25 Catter Bruce L System and method for locating faults in a hybrid fiber coax (HFC) cable network
US20070044077A1 (en) * 2005-08-22 2007-02-22 Alok Kumar Srivastava Infrastructure for verifying configuration and health of a multi-node computer system
US20070044151A1 (en) * 2005-08-22 2007-02-22 International Business Machines Corporation System integrity manager
US20070047449A1 (en) * 2005-08-31 2007-03-01 Berger William H Cable modem analysis system and method therefor for an HFC cable network
US20070050825A1 (en) * 2005-08-31 2007-03-01 Bowen Todd P VOD transaction error correlator
US20070050836A1 (en) * 2005-08-31 2007-03-01 Stanek Matthew P System and method for evaluating the operational status of a STB in a cable network
US20070074261A1 (en) * 2005-08-31 2007-03-29 Bowen Todd P System and method for assigning and verifying CPE service calls in a cable network
US7209970B1 (en) * 2000-09-19 2007-04-24 Sprint Spectrum L.P. Authentication, application-authorization, and user profiling using dynamic directory services
WO2007010160A3 (en) * 2005-07-18 2007-05-10 France Telecom Method for configuring a terminal via an access network
US20070162420A1 (en) * 2004-01-21 2007-07-12 Oracle International Corporation Techniques for automatically discovering a database device on a network
US20070174435A1 (en) * 2001-04-24 2007-07-26 Piercy Neil P Configuration of LAN hosts
US20070239861A1 (en) * 2006-04-05 2007-10-11 Dell Products L.P. System and method for automated operating system installation
US20070260738A1 (en) * 2006-05-05 2007-11-08 Microsoft Corporation Secure and modifiable configuration files used for remote sessions
US7376719B1 (en) * 2004-04-14 2008-05-20 Juniper Networks, Inc. Automatic generation of configuration data using implementation-specific configuration policies
US20080144660A1 (en) * 2006-12-19 2008-06-19 Marcin Godlewski Dynamically adjusting bandwidth usage among subscriber streams
US20080175224A1 (en) * 2007-01-18 2008-07-24 Carlton Andrews System and Method for Configuring Voice Over IP Devices
US20080183746A1 (en) * 2007-01-30 2008-07-31 Hewlett-Packard Development Company, L.P. Generating configuration files
US7409435B1 (en) * 2002-02-28 2008-08-05 Sprint Communications Company L.P. Integrated services hub binary file trial run process
US7443883B2 (en) * 2004-12-07 2008-10-28 Comcast Cable Holdings, Llc Method and system of providing customer premise equipment code
US20090028176A1 (en) * 2007-07-27 2009-01-29 Marcin Godlewski Bandwidth Requests Transmitted According to Priority in a Centrally Managed Network
US20090043798A1 (en) * 2000-09-08 2009-02-12 Dean Tan Techniques for automatically developing a web site
US7506354B2 (en) 2005-08-31 2009-03-17 Time Warner Cable, Inc. VOD transaction error correlator
US20090150954A1 (en) * 2007-12-05 2009-06-11 Kim Taekyoon Server and method for controlling customer premises cable modem based on configuration information
US7565416B1 (en) 2004-04-14 2009-07-21 Juniper Networks, Inc. Automatic application of implementation-specific configuration policies
US7600003B1 (en) * 2002-04-22 2009-10-06 Cisco Technology, Inc. Method and apparatus for dynamically configuring customer premises network equipment
US20090292795A1 (en) * 2008-05-21 2009-11-26 Cisco Technology, Inc Configuration file override
US20100125602A1 (en) * 2008-11-17 2010-05-20 International Business Machines Corporation Method and system for annotation based secure caching
US20100198989A1 (en) * 2006-12-29 2010-08-05 Verizon Services Organization Inc. Assigning priority to network traffic at customer premises
US20110072119A1 (en) * 2009-09-24 2011-03-24 Salira Systems, Inc. Accelerated Cable Modem Restart Service
US20110310887A1 (en) * 2010-06-17 2011-12-22 Hon Hai Precision Industry Co., Ltd. Cable modem and method of supporting various packet cable protocols
US8136155B2 (en) 2003-04-01 2012-03-13 Check Point Software Technologies, Inc. Security system with methodology for interprocess communication control
US8335917B2 (en) 2008-08-12 2012-12-18 Cisco Technology, Inc. System for binding a device to a gateway to regulate service theft through cloning
US20130247128A1 (en) * 2001-09-21 2013-09-19 Alex J. Hinchliffe Distribution of security policies for small to medium-sized organizations
US20140366105A1 (en) * 2013-06-10 2014-12-11 Apple Inc. Configuring wireless accessory devices
US20160006607A1 (en) * 2013-03-18 2016-01-07 Hangzhou H3C Technologies Co., Ltd. Startup configuration file deployment
US20160359662A1 (en) * 2014-02-18 2016-12-08 Huawei Technologies Co., Ltd. Method, Apparatus, and System for Acquiring Configuration File
US20170289166A1 (en) * 2016-03-30 2017-10-05 Change Healthcare Llc Methods and apparatuses for providing improved directory services
CN107784007A (en) * 2016-08-29 2018-03-09 苏州普源精电科技有限公司 A kind of waveform editing method and device
US20180276403A1 (en) * 2017-03-23 2018-09-27 International Business Machines Corporation Privacy annotation from differential analysis of snapshots
US10560549B1 (en) * 2016-01-12 2020-02-11 Uber Technologies, Inc. Configuration updates of distributed applications
CN112579205A (en) * 2020-12-24 2021-03-30 平安普惠企业管理有限公司 Configuration file checking method and device, computer equipment and storage medium
CN113505269A (en) * 2021-07-02 2021-10-15 卡斯柯信号(成都)有限公司 Binary file detection method and device based on XML
US11196622B2 (en) * 2005-11-23 2021-12-07 Comcast Cable Communications, Llc Initializing, provisioning, and managing devices
US11386258B2 (en) 2019-11-19 2022-07-12 Salesforce.Com, Inc. Dynamic scalable vector graphics (SVG) system and methods for implementing the same

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5794033A (en) 1995-10-24 1998-08-11 International Business Machines Corporation Method and system for in-site and on-line reprogramming of hardware logics with remote loading in a network device
US5822565A (en) * 1995-09-08 1998-10-13 Digital Equipment Corporation Method and apparatus for configuring a computer system
US6009103A (en) * 1997-12-23 1999-12-28 Mediaone Group, Inc. Method and system for automatic allocation of resources in a network
US6023464A (en) * 1997-12-23 2000-02-08 Mediaone Group, Inc. Auto-provisioning of user equipment
US6061693A (en) * 1995-11-06 2000-05-09 Sun Microsystems, Inc. System and method for retrieving and updating configuration parameter values for application programs in a computer network
US6170008B1 (en) * 1998-12-07 2001-01-02 Mediaone Group, Inc. On-the-fly trivial file transfer protocol
US6195689B1 (en) * 1999-05-05 2001-02-27 Mediaone Group, Inc. Headend provisioning agent
US6286038B1 (en) 1998-08-03 2001-09-04 Nortel Networks Limited Method and apparatus for remotely configuring a network device
US20010019559A1 (en) * 1998-01-09 2001-09-06 Gemini Networks, Inc. System, method, and computer program product for end-user self-authentication
US20020003806A1 (en) * 2000-05-19 2002-01-10 Mckinnon Martin W. Allocating access across shared communications medium to user classes
US6374287B1 (en) 1996-01-24 2002-04-16 Sun Microsystems, Inc. Method and system for allowing client processes to run on distributed window server extensions
US6393478B1 (en) 1999-02-22 2002-05-21 Mediaone Group, Inc. Cable modem and personal computer troubleshooting tool

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5822565A (en) * 1995-09-08 1998-10-13 Digital Equipment Corporation Method and apparatus for configuring a computer system
US5794033A (en) 1995-10-24 1998-08-11 International Business Machines Corporation Method and system for in-site and on-line reprogramming of hardware logics with remote loading in a network device
US6061693A (en) * 1995-11-06 2000-05-09 Sun Microsystems, Inc. System and method for retrieving and updating configuration parameter values for application programs in a computer network
US6374287B1 (en) 1996-01-24 2002-04-16 Sun Microsystems, Inc. Method and system for allowing client processes to run on distributed window server extensions
US6009103A (en) * 1997-12-23 1999-12-28 Mediaone Group, Inc. Method and system for automatic allocation of resources in a network
US6023464A (en) * 1997-12-23 2000-02-08 Mediaone Group, Inc. Auto-provisioning of user equipment
US20010019559A1 (en) * 1998-01-09 2001-09-06 Gemini Networks, Inc. System, method, and computer program product for end-user self-authentication
US6286038B1 (en) 1998-08-03 2001-09-04 Nortel Networks Limited Method and apparatus for remotely configuring a network device
US6170008B1 (en) * 1998-12-07 2001-01-02 Mediaone Group, Inc. On-the-fly trivial file transfer protocol
US6393478B1 (en) 1999-02-22 2002-05-21 Mediaone Group, Inc. Cable modem and personal computer troubleshooting tool
US6195689B1 (en) * 1999-05-05 2001-02-27 Mediaone Group, Inc. Headend provisioning agent
US20020003806A1 (en) * 2000-05-19 2002-01-10 Mckinnon Martin W. Allocating access across shared communications medium to user classes

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Data over Cable Interface Specifications: Cable Modem Termination System-Network Side Interface Specification," MCNS Holdings, L.P. (1996).
"Data-over-Cable Service Interface Specifications: Cable Modem to Customer Premise Equipment Interface Specification," Cable Television Laboratories, Inc. (1998).

Cited By (169)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110173156A1 (en) * 1999-01-29 2011-07-14 Oracle International Corporation Techniques for automatically discovering a database device on a network
US9047322B2 (en) 1999-01-29 2015-06-02 Oracle International Corporation Techniques for automatically discovering a database device on a network
US6715075B1 (en) * 1999-07-08 2004-03-30 Intel Corporation Providing a configuration file to a communication device
US7010802B1 (en) * 2000-03-01 2006-03-07 Conexant Systems, Inc. Programmable pattern match engine
US20020059404A1 (en) * 2000-03-20 2002-05-16 Schaaf Richard W. Organizing and combining a hierarchy of configuration parameters to produce an entity profile for an entity associated with a communications network
US20060120282A1 (en) * 2000-05-19 2006-06-08 Carlson William S Apparatus and methods for incorporating bandwidth forecasting and dynamic bandwidth allocation into a broadband communication system
US20090213871A1 (en) * 2000-05-19 2009-08-27 Cisco Technology, Inc. Apparatus and Methods for Incorporating Bandwidth Forecasting and Dynamic Bandwidth Allocation into a Broadband Communication System
US7983272B2 (en) 2000-05-19 2011-07-19 Carlson William S Apparatus and methods for incorporating bandwidth forecasting and dynamic bandwidth allocation into a broadband communication system
US7925750B2 (en) 2000-05-19 2011-04-12 Mckinnon Iii Martin W Allocations of access across a communications medium
US6917628B2 (en) * 2000-05-19 2005-07-12 Scientific-Atlanta, Inc. Allocating access across a shared communications medium of a DOCSIS 1.0 compliant cable network
US20090070454A1 (en) * 2000-05-19 2009-03-12 Scientific-Atlanta, Inc. Allocating access across shared communication medium
US7499453B2 (en) 2000-05-19 2009-03-03 Cisco Technology, Inc. Apparatus and methods for incorporating bandwidth forecasting and dynamic bandwidth allocation into a broadband communication system
US7970011B2 (en) 2000-05-19 2011-06-28 Carlson William S Apparatus and methods for incorporating bandwidth forecasting and dynamic bandwidth allocation into a broadband communication system
US20090207731A1 (en) * 2000-05-19 2009-08-20 Cisco Technology, Inc. Apparatus and Methods for Incorporating Bandwidth Forecasting and Dynamic Bandwidth Allocation into a Broadband Communication System
US7920594B2 (en) 2000-05-19 2011-04-05 Carlson William S Apparatus and methods for incorporating bandwidth forecasting and dynamic bandwidth allocation into a broadband communication system
US7856497B2 (en) 2000-05-19 2010-12-21 Mckinnon Iii Martin W Method for determining an appropriate algorithm to apply for forecasting network access usage
US20010038645A1 (en) * 2000-05-19 2001-11-08 Mckinnin Martin W. Allocating access across a shared communications medium of a DOCSIS 1.0 compliant cable network
US20080037578A1 (en) * 2000-05-19 2008-02-14 Carlson William S Apparatus and methods for incorporating bandwidth forecasting and dynamic bandwidth allocation into a broadband communication system
US20060114926A1 (en) * 2000-05-19 2006-06-01 Martin McKinnon Methods of allocating access across a shared communications medium
US7848234B2 (en) 2000-05-19 2010-12-07 Mckinnon Iii Martin W Allocating access across shared communication medium to user classes
US7957417B2 (en) 2000-05-19 2011-06-07 Mckinnon Iii Martin W Methods of allocating access across a shared communications medium
US7062642B1 (en) * 2000-05-20 2006-06-13 Ciena Corporation Policy based provisioning of network device resources
US20020051204A1 (en) * 2000-06-05 2002-05-02 Fuji Xerox Co., Ltd. Printing system and printing control method therefor
US20020016857A1 (en) * 2000-06-20 2002-02-07 Adi Harari Address contact information retrieval, synchronization, and storage system
US7739308B2 (en) 2000-09-08 2010-06-15 Oracle International Corporation Techniques for automatically provisioning a database over a wide area network
US8321457B2 (en) 2000-09-08 2012-11-27 Oracle International Corporation Techniques for automatically developing a web site
US8849850B2 (en) 2000-09-08 2014-09-30 Oracle International Corporation Techniques for automatically provisioning a database over a wide area network
US7536686B2 (en) 2000-09-08 2009-05-19 Oracle International Corporation Techniques for automatically installing and configuring database applications
US20090043798A1 (en) * 2000-09-08 2009-02-12 Dean Tan Techniques for automatically developing a web site
US8478778B2 (en) 2000-09-08 2013-07-02 Oracle International Corporation Techniques for automatically provisioning a database over a wide area network
US6993657B1 (en) 2000-09-08 2006-01-31 Oracle International Corporation Techniques for managing database systems with a community server
US7209970B1 (en) * 2000-09-19 2007-04-24 Sprint Spectrum L.P. Authentication, application-authorization, and user profiling using dynamic directory services
US20020046263A1 (en) * 2000-10-12 2002-04-18 Jacques Camerini Method of configuring an automation module on a TCP/IP network
US6892231B2 (en) * 2000-11-02 2005-05-10 Microsoft Corporation Method and apparatus for verifying the contents of a global configuration file
US20020052937A1 (en) * 2000-11-02 2002-05-02 Microsoft Corporation Method and apparatus for verifying the contents of a global configuration file
US7130922B1 (en) * 2000-12-22 2006-10-31 Sprint Communications Comapny L.P. Integrated services hub reboot process
US20020087718A1 (en) * 2000-12-29 2002-07-04 Ibm Corporation Authentication referral search for LDAP
US7016897B2 (en) * 2000-12-29 2006-03-21 International Business Machines Corporation Authentication referral search for LDAP
US20030046352A1 (en) * 2001-03-13 2003-03-06 Takeo Katsuda Device, method and program product for data transmission management
US7752267B2 (en) * 2001-03-13 2010-07-06 Minolta Co., Ltd. Device, method and program product for data transmission management
US20070174435A1 (en) * 2001-04-24 2007-07-26 Piercy Neil P Configuration of LAN hosts
US20020198975A1 (en) * 2001-06-26 2002-12-26 Bogia Douglas P. Method for managing an appliance
US20040167984A1 (en) * 2001-07-06 2004-08-26 Zone Labs, Inc. System Providing Methodology for Access Control with Cooperative Enforcement
US7590684B2 (en) 2001-07-06 2009-09-15 Check Point Software Technologies, Inc. System providing methodology for access control with cooperative enforcement
US6917929B2 (en) * 2001-07-16 2005-07-12 Sun Microsystems, Inc. Configuration for a storage network
US20030028521A1 (en) * 2001-07-16 2003-02-06 John Teloh Configuration for a storage network
US8621077B2 (en) * 2001-09-21 2013-12-31 Mcafee, Inc. Distribution of security policies for small to medium-sized organizations
US20130247128A1 (en) * 2001-09-21 2013-09-19 Alex J. Hinchliffe Distribution of security policies for small to medium-sized organizations
US7869456B2 (en) 2001-09-27 2011-01-11 Broadcom Corporation Method for determining whether adequate bandwidth is being provided during an unsolicited grant flow
US20030058794A1 (en) * 2001-09-27 2003-03-27 Broadcom Corporation Hardware filtering of unsolicited grant service extended headers
US20070030805A1 (en) * 2001-09-27 2007-02-08 Broadcom Corporation Hardware filtering of unsolicited grant service extended headers
US7379472B2 (en) * 2001-09-27 2008-05-27 Broadcom Corporation Hardware filtering of unsolicited grant service extended headers
US7843955B2 (en) 2001-09-27 2010-11-30 Broadcom Corporation Hardware filtering of unsolicited grant service extended headers
US7152117B1 (en) * 2001-10-04 2006-12-19 Cisco Technology, Inc. Techniques for dynamic host configuration using overlapping network
US7139818B1 (en) 2001-10-04 2006-11-21 Cisco Technology, Inc. Techniques for dynamic host configuration without direct communications between client and server
US20030105838A1 (en) * 2001-11-30 2003-06-05 Presley Darryl Lee System and method for actively managing an enterprise of configurable components
US7418484B2 (en) * 2001-11-30 2008-08-26 Oracle International Corporation System and method for actively managing an enterprise of configurable components
US6789234B2 (en) 2001-12-28 2004-09-07 International Business Machines Corporation Method and system for a timing based logic entry
US20030126565A1 (en) * 2001-12-28 2003-07-03 International Business Machines Corporation Method and system for a timing based logic entry
US7409435B1 (en) * 2002-02-28 2008-08-05 Sprint Communications Company L.P. Integrated services hub binary file trial run process
US7423975B2 (en) * 2002-03-05 2008-09-09 Broadcom Corporation Method, apparatus and computer program product for performing data packet classification
US20030169735A1 (en) * 2002-03-05 2003-09-11 Broadcom Corporation Method, apparatus and computer program product for performing data packet classification
US7546629B2 (en) 2002-03-06 2009-06-09 Check Point Software Technologies, Inc. System and methodology for security policy arbitration
US20030177389A1 (en) * 2002-03-06 2003-09-18 Zone Labs, Inc. System and methodology for security policy arbitration
US7600003B1 (en) * 2002-04-22 2009-10-06 Cisco Technology, Inc. Method and apparatus for dynamically configuring customer premises network equipment
US7844718B2 (en) * 2002-05-14 2010-11-30 Polcha Andrew J System and method for automatically configuring remote computer
US20080034200A1 (en) * 2002-05-14 2008-02-07 Polcha Andrew J System and method for automatically configuring remote computer
US20030217126A1 (en) * 2002-05-14 2003-11-20 Polcha Andrew J. System and method for automatically configuring remote computer
US8073935B2 (en) 2002-07-25 2011-12-06 Oracle America, Inc. Pluggable semantic verification and validation of configuration data
US20040019670A1 (en) * 2002-07-25 2004-01-29 Sridatta Viswanath Pluggable semantic verification and validation of configuration data
US6850943B2 (en) 2002-10-18 2005-02-01 Check Point Software Technologies, Inc. Security system and methodology for providing indirect access control
US20040078591A1 (en) * 2002-10-18 2004-04-22 Zone Labs, Inc. Security System And Methodology For Providing Indirect Access Control
US8886808B2 (en) * 2002-11-12 2014-11-11 Arris Enterprises, Inc. Method and system for provisioning specification subsets for standards-based communication network devices
US20050076386A1 (en) * 2002-11-12 2005-04-07 Wade Carter Method and system for provisioning specification subsets for standards-based communication network devices
US9654339B1 (en) * 2002-11-12 2017-05-16 Arris Enterprises, Inc. Method and system for provisioning specification subsets for standards-based communication network devices
US20040107360A1 (en) * 2002-12-02 2004-06-03 Zone Labs, Inc. System and Methodology for Policy Enforcement
US8136155B2 (en) 2003-04-01 2012-03-13 Check Point Software Technologies, Inc. Security system with methodology for interprocess communication control
US20050005145A1 (en) * 2003-07-02 2005-01-06 Zone Labs, Inc. System and Methodology Providing Information Lockbox
US7788726B2 (en) 2003-07-02 2010-08-31 Check Point Software Technologies, Inc. System and methodology providing information lockbox
US7293282B2 (en) * 2003-07-03 2007-11-06 Time Warner Cable, Inc. Method to block unauthorized access to TFTP server configuration files
US20050005154A1 (en) * 2003-07-03 2005-01-06 Andrew Danforth Method to block unauthorized access to TFTP server configuration files
US7376718B2 (en) * 2003-07-14 2008-05-20 Time Warner Cable System and method for managing provisioning parameters in a cable network
US20050015810A1 (en) * 2003-07-14 2005-01-20 Kenneth Gould System and method for managing provisioning parameters in a cable network
US20070162420A1 (en) * 2004-01-21 2007-07-12 Oracle International Corporation Techniques for automatically discovering a database device on a network
US20050198685A1 (en) * 2004-01-29 2005-09-08 Allen Walston Method and system for automatic support for multiple DOCSIS versions in a user device
US8166140B1 (en) 2004-04-14 2012-04-24 Juniper Networks, Inc. Automatic application of implementation-specific configuration policies
US7376719B1 (en) * 2004-04-14 2008-05-20 Juniper Networks, Inc. Automatic generation of configuration data using implementation-specific configuration policies
US7565416B1 (en) 2004-04-14 2009-07-21 Juniper Networks, Inc. Automatic application of implementation-specific configuration policies
US7246224B2 (en) * 2004-09-27 2007-07-17 Intel Corporation System and method to enable platform personality migration
US20060074952A1 (en) * 2004-09-27 2006-04-06 Rothman Michael A System and method to enable platform personality migration
US7443883B2 (en) * 2004-12-07 2008-10-28 Comcast Cable Holdings, Llc Method and system of providing customer premise equipment code
US20060218612A1 (en) * 2005-03-01 2006-09-28 Keith Johnson Fault detection and isolation system for an HFC cable network and method therefor
US7930725B2 (en) 2005-03-01 2011-04-19 Time Warner Cable, Inc. Early warning fault identification and isolation system for a two-way cable network
US20060218609A1 (en) * 2005-03-01 2006-09-28 Keith Johnson Early warning fault identification and isolation system for a two-way cable network
US7594252B2 (en) 2005-03-01 2009-09-22 Time Warner Cable, Inc. Early warning fault identification and isolation system for a two-way cable network
US20090300702A1 (en) * 2005-03-01 2009-12-03 Keith Johnson Early Warning Fault Identification and Isolation System for a Two-Way Cable Network
US8266424B2 (en) * 2005-03-30 2012-09-11 Arris Group, Inc. Method and system for in-field recovery of security when a certificate authority has been compromised
US20060236379A1 (en) * 2005-03-30 2006-10-19 Ali Negahdar Method and system for in-field recovery of security when a certificate authority has been compromised
US20060262801A1 (en) * 2005-05-17 2006-11-23 Cisco Technology, Inc. Method and system for annotating configuration files
US7523101B2 (en) 2005-05-17 2009-04-21 Cisco Technology, Inc. Method and system for annotating configuration files
US7467162B2 (en) * 2005-06-27 2008-12-16 Microsoft Corporation Pre-configured settings for portable devices
CN101273353B (en) * 2005-06-27 2012-06-06 微软公司 Pre-configured settings for portable devices
US20060294209A1 (en) * 2005-06-27 2006-12-28 Microsoft Corporation Pre-configured settings for portable devices
WO2007001606A3 (en) * 2005-06-27 2007-11-22 Microsoft Corp Pre-configured settings for portable devices
TWI391831B (en) * 2005-06-27 2013-04-01 Microsoft Corp Pre-configured settings for portable devices
US7356685B2 (en) * 2005-07-01 2008-04-08 Novell, Inc. System and method for enabling automated run-time input to network bootstrapping processes
US20070005950A1 (en) * 2005-07-01 2007-01-04 Novell, Inc. System and method for enabling automated run-time input to network bootstrapping processes
USRE44299E1 (en) 2005-07-01 2013-06-11 Novell Intellectual Property Holdings, Inc. System and method for enabling automated run-time input to network bootstrapping processes
WO2007010160A3 (en) * 2005-07-18 2007-05-10 France Telecom Method for configuring a terminal via an access network
US7706252B2 (en) 2005-07-21 2010-04-27 Time Warner Cable, Inc. System and method for locating faults in a hybrid fiber coax (HFC) cable network
US20070019557A1 (en) * 2005-07-21 2007-01-25 Catter Bruce L System and method for locating faults in a hybrid fiber coax (HFC) cable network
US7434041B2 (en) 2005-08-22 2008-10-07 Oracle International Corporation Infrastructure for verifying configuration and health of a multi-node computer system
US20070044077A1 (en) * 2005-08-22 2007-02-22 Alok Kumar Srivastava Infrastructure for verifying configuration and health of a multi-node computer system
US20070044151A1 (en) * 2005-08-22 2007-02-22 International Business Machines Corporation System integrity manager
US20070050836A1 (en) * 2005-08-31 2007-03-01 Stanek Matthew P System and method for evaluating the operational status of a STB in a cable network
US20070047449A1 (en) * 2005-08-31 2007-03-01 Berger William H Cable modem analysis system and method therefor for an HFC cable network
US7509669B2 (en) 2005-08-31 2009-03-24 Time Warner Cable, Inc. VOD transaction error correlator
US7506354B2 (en) 2005-08-31 2009-03-17 Time Warner Cable, Inc. VOD transaction error correlator
US20070074261A1 (en) * 2005-08-31 2007-03-29 Bowen Todd P System and method for assigning and verifying CPE service calls in a cable network
US7810127B2 (en) 2005-08-31 2010-10-05 Time Warner Cable, Inc. System and method for evaluating the operational status of a STB in a cable network
US20070050825A1 (en) * 2005-08-31 2007-03-01 Bowen Todd P VOD transaction error correlator
US8161517B2 (en) 2005-08-31 2012-04-17 Time Warner Cable, Inc. System and method for assigning and verifying CPE service calls in a cable network
US7596800B2 (en) 2005-08-31 2009-09-29 Time Warner Cable, Inc. System and method for assigning and verifying CPE service calls in a cable network
US7599300B2 (en) * 2005-08-31 2009-10-06 Time Warner Cable, Inc. Cable modem analysis system and method therefor for an HFC cable network
US11196622B2 (en) * 2005-11-23 2021-12-07 Comcast Cable Communications, Llc Initializing, provisioning, and managing devices
US20070239861A1 (en) * 2006-04-05 2007-10-11 Dell Products L.P. System and method for automated operating system installation
US7730302B2 (en) * 2006-05-05 2010-06-01 Microsoft Corporation Secure and modifiable configuration files used for remote sessions
US20070260738A1 (en) * 2006-05-05 2007-11-08 Microsoft Corporation Secure and modifiable configuration files used for remote sessions
US8654638B2 (en) 2006-12-19 2014-02-18 Marcin Godlewski Dynamically adjusting bandwidth usage among subscriber streams
US20080144660A1 (en) * 2006-12-19 2008-06-19 Marcin Godlewski Dynamically adjusting bandwidth usage among subscriber streams
US20100198989A1 (en) * 2006-12-29 2010-08-05 Verizon Services Organization Inc. Assigning priority to network traffic at customer premises
US8099517B2 (en) * 2006-12-29 2012-01-17 Verizon Patent And Licensing Inc. Assigning priority to network traffic at customer premises
US20080175224A1 (en) * 2007-01-18 2008-07-24 Carlton Andrews System and Method for Configuring Voice Over IP Devices
EP1953652A1 (en) * 2007-01-30 2008-08-06 Hewlett-Packard Development Company, L.P. Generating configuration files
US8762355B2 (en) 2007-01-30 2014-06-24 Hewlett-Packard Development Company, L.P. Generating configuration files
US20080183746A1 (en) * 2007-01-30 2008-07-31 Hewlett-Packard Development Company, L.P. Generating configuration files
US20090028176A1 (en) * 2007-07-27 2009-01-29 Marcin Godlewski Bandwidth Requests Transmitted According to Priority in a Centrally Managed Network
US8116337B2 (en) 2007-07-27 2012-02-14 Marcin Godlewski Bandwidth requests transmitted according to priority in a centrally managed network
US20090150954A1 (en) * 2007-12-05 2009-06-11 Kim Taekyoon Server and method for controlling customer premises cable modem based on configuration information
US8473589B2 (en) * 2008-05-21 2013-06-25 Cisco Technology, Inc. Configuration file override
US20120246283A1 (en) * 2008-05-21 2012-09-27 Cisco Technology, Inc Configuration file override
US8224936B2 (en) * 2008-05-21 2012-07-17 Cisco Technology, Inc. Configuration file override
US20090292795A1 (en) * 2008-05-21 2009-11-26 Cisco Technology, Inc Configuration file override
US8335917B2 (en) 2008-08-12 2012-12-18 Cisco Technology, Inc. System for binding a device to a gateway to regulate service theft through cloning
US20100125602A1 (en) * 2008-11-17 2010-05-20 International Business Machines Corporation Method and system for annotation based secure caching
US9087211B2 (en) 2008-11-17 2015-07-21 International Business Machines Corporation Method and system for annotation based secure caching
US20110072119A1 (en) * 2009-09-24 2011-03-24 Salira Systems, Inc. Accelerated Cable Modem Restart Service
US8489717B2 (en) * 2009-09-24 2013-07-16 Hitachi, Ltd. Accelerated cable modem restart service
US20110310887A1 (en) * 2010-06-17 2011-12-22 Hon Hai Precision Industry Co., Ltd. Cable modem and method of supporting various packet cable protocols
US20160006607A1 (en) * 2013-03-18 2016-01-07 Hangzhou H3C Technologies Co., Ltd. Startup configuration file deployment
US9900213B2 (en) * 2013-03-18 2018-02-20 Hewlett Packard Enterprise Development Lp Startup configuration file deployment
US10257705B2 (en) * 2013-06-10 2019-04-09 Apple Inc. Configuring wireless accessory devices
US20140366105A1 (en) * 2013-06-10 2014-12-11 Apple Inc. Configuring wireless accessory devices
US20160359662A1 (en) * 2014-02-18 2016-12-08 Huawei Technologies Co., Ltd. Method, Apparatus, and System for Acquiring Configuration File
US10673692B2 (en) * 2014-02-18 2020-06-02 Huawei Technologies Co., Ltd. Method, apparatus, and system for acquiring configuration file
US10560549B1 (en) * 2016-01-12 2020-02-11 Uber Technologies, Inc. Configuration updates of distributed applications
US20170289166A1 (en) * 2016-03-30 2017-10-05 Change Healthcare Llc Methods and apparatuses for providing improved directory services
US10404710B2 (en) * 2016-03-30 2019-09-03 Change Healthcare Holdings, Llc Methods and apparatuses for providing improved directory services
CN107784007A (en) * 2016-08-29 2018-03-09 苏州普源精电科技有限公司 A kind of waveform editing method and device
CN107784007B (en) * 2016-08-29 2023-04-18 普源精电科技股份有限公司 Waveform editing method and device
US10552633B2 (en) * 2017-03-23 2020-02-04 International Business Machines Corporation Privacy annotation from differential analysis of snapshots
US20180276403A1 (en) * 2017-03-23 2018-09-27 International Business Machines Corporation Privacy annotation from differential analysis of snapshots
US11386258B2 (en) 2019-11-19 2022-07-12 Salesforce.Com, Inc. Dynamic scalable vector graphics (SVG) system and methods for implementing the same
US11481540B2 (en) 2019-11-19 2022-10-25 Salesforce.Com, Inc. Discrepancy resolution processor and methods for implementing the same
US11526655B2 (en) 2019-11-19 2022-12-13 Salesforce.Com, Inc. Machine learning systems and methods for translating captured input images into an interactive demonstration presentation for an envisioned software product
US11635944B2 (en) * 2019-11-19 2023-04-25 Salesforce.Com, Inc. Methods and systems for programmatic creation of an interactive demonstration presentation for an envisioned software product
CN112579205B (en) * 2020-12-24 2023-02-14 平安普惠企业管理有限公司 Configuration file checking method and device, computer equipment and storage medium
CN112579205A (en) * 2020-12-24 2021-03-30 平安普惠企业管理有限公司 Configuration file checking method and device, computer equipment and storage medium
CN113505269A (en) * 2021-07-02 2021-10-15 卡斯柯信号(成都)有限公司 Binary file detection method and device based on XML

Similar Documents

Publication Publication Date Title
US6598057B1 (en) Method and apparatus for generating configuration files using policy descriptions
US6715075B1 (en) Providing a configuration file to a communication device
US6170008B1 (en) On-the-fly trivial file transfer protocol
US8239506B2 (en) System and method for affecting the behavior of a network device in a cable network
US6393478B1 (en) Cable modem and personal computer troubleshooting tool
US8789140B2 (en) System and method for interfacing with heterogeneous network data gathering tools
US9009778B2 (en) Segmented network identity management
US7808904B2 (en) Method and apparatus for managing subscriber profiles
US7506055B2 (en) System and method for filtering of web-based content stored on a proxy cache server
US8874743B1 (en) Systems and methods for implementing dynamic subscriber interfaces
US7290130B2 (en) Information distributing system and method thereof
US6968498B1 (en) System and method for verifying validity of transmission data based on a numerical identifier for the data
KR20090000289A (en) Network auto login system
CN114143113B (en) Safety tracing device and method suitable for IPv6/IPv4 access service
Nechamkin et al. Multimedia Terminal Adapter (MTA) Management Information Base for PacketCable-and IPCablecom-Compliant Devices
Presuhn Internet Engineering Task Force (IETF) K. Narayan Request for Comments: 6065 Cisco Systems, Inc. Category: Standards Track D. Nelson
Pleschiutschnig The effects on system security and provisioning process flows caused by a dynamic trivial file transfer protocol service in large service provider networks
Nechamkin et al. RFC 4682: Multimedia Terminal Adapter (MTA) Management Information Base for PacketCable-and IPCablecom-Compliant Devices
Plan TCG CONFIDENTIAL
Specifications Preliminary
KR20070022517A (en) A method and DHCP server to distribute IP addresses by policy

Legal Events

Date Code Title Description
AS Assignment

Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SYNNESTVEDT, ERIK J.;MORRIS, GREGORY F.;GABRIELSON, HUGH W.;AND OTHERS;REEL/FRAME:010651/0732;SIGNING DATES FROM 19991212 TO 19991221

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

FPAY Fee payment

Year of fee payment: 12